Sunday

The Problem With Passwords

The problem with passwords is - they don't work very well. There are a couple of aspects to this; first, most of us tend to use passwords we can remember easily, which leads to a short and simple password. Convenient, but almost useless. Second, and perhaps worse, we tend to re-use the same password for different accounts - I used to do this myself, so I know it to be true. 



To the first point, you might protest that since you have to remember the password, it has to be shorter and simpler. That's not really true, if you use some kind of password manager (a single source that maintains your passwords, with one master password). Using that method, you only need to remember one (master) password - see my recent post on using LastPass, for example. 

The second point can have more dire consequences - one hacked account leads to another and another and so on. Even using complex passwords, with the raw computing power available today it's easier and quicker than ever to "crack" passwords - effectively using a computer program to try all possible password combinations in succession; a guessing game done at super-speed.

By using the same password for more than one site, you are making it that much easier on the bad guys; they can access (say) an email account, then after poking around they find which bank you use and try the email password for the bank site. How convenient, it's the same password!

Some are already pointing to other ways to secure transactions, moving away from the username/password model, such as that proposed by the Fast Indentity Online Alliance (FIDO). Until we get there, longer passwords are still better than short ones, and please don't re-use passwords on different accounts.

No comments :