Page 80 - Cyber Warnings
No One Likes Passwords, So Why Are We Still Using Them?
Users Deserve Better, Websites Need to Deliver
By Charles Durkin, Chief Executive Officer, Privakey
Creating a new online account is a dreaded task for most internet users. Complexity and
security concerns increase user anxiety with each new username and password combination.
Despite tremendous advances in technology, the problem with online identity and authentication
has been getting worse.
The internet’s original design did not include an identity layer, forcing all online businesses to
build their own homebrew service for identifying and authenticating users. The resulting
proliferation of inconsistent and insecure usernames, passwords and “security” questions is now
a bane for users worldwide.
Despite the complexity of creating and managing dozens of passwords, they remain highly
insecure. Michael Chertoff, former Secretary of the Department of Homeland Security, stated
recently that “passwords are the weakest link in cybersecurity today.” Most experts agree with
his assessment.
The password’s primary security flaw lies at the core of the “shared secret” approach to
authentication. As soon as a user successfully selects a password, regardless of its length and
strength, it is stored along with other user account information. The databases of online service
providers such as Yahoo, LinkedIn, and Twitter contain hundreds of millions of user login
credentials.
Databases of stored passwords are a highly desirable target for hackers, because most users
reuse the same password at many sites, including online banks and other financial institutions.
Cybersecurity experts frequently offer guidance on cyber hygiene. Their recommendations
include the use of long, complicated passwords and frequent changes to them. Really?
Which users are actually going to follow such advice? The answer is very few — and those who
do get help from a robotic password manager.
Password managers add another layer of complexity to the password problem, and they do not
eliminate the stored passwords from website databases.
Passwords have been around since the dawn of the computer age. It seems quaint now, but
not long ago (last year?) many people were still using the name of their child or their pet as
their password for most sites.
80 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide