Photo courtesy of Flickr: West Midlands Police
It seems that we see some large, multimillion-dollar company get hacked every other day in the news, with follow-up stories about how sensitive customer information was stolen. I can't tell you how many times I have received a new debit card and had to change my information for all of my online billing, simply because a corporation I used the card with was compromised and my information had been put at risk. Because of this increase in Internet piracy, cyber-security specialists have long touted the need for stronger, more complex passwords. However, at what point do 16-character passwords with a mix of capital letters, numbers, and hieroglyphics become too much? Are passwords ever going to truly be secure? Security professionals are asking the same question, and some - like Google - are steadfastly proposing some interesting password alternatives.
Why Strong Passwords Aren't Strong Enough
To understand why strong passwords aren't strong enough to protect your valuable information - and why the world truly needs to consider password alternatives - you really need to know what a strong password is.
For starters, strong passwords should contain at least eight characters (the more the better) and have a mix of upper- and lower-case letters, numbers, and symbols. They should not be anything sequential (like 1234, 10203040, or abcdefg) and should not be a combination of your personal information. For example, don't use your son's name and birth date; a password containing Simon01041989 may contain a mix of letters and numbers, but it is also fairly obvious to anyone who knows you, can view your profile online, or digs through your trash.
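The rules in the paragraph above, written as a checker. This is an added example, not code from the original article; the function names, the four-character threshold for a sequential run, and the list of date formats are assumptions. It shows why the article's Simon01041989 fails even though it mixes letters and numbers.

```python
import re
import string
from datetime import date

def has_run(s, min_run=4):
    """True if s contains min_run characters stepping by +1 or -1 (1234, abcdefg)."""
    run, prev_step = 1, 0
    for a, b in zip(s, s[1:]):
        step = ord(b) - ord(a) if a.isalnum() and b.isalnum() else 0
        run = (run + 1 if step == prev_step else 2) if step in (1, -1) else 1
        prev_step = step
        if run >= min_run:
            return True
    return False

def is_stepped_number(digits, width=2, min_terms=4):
    """True for digit runs such as 10203040: equal-width chunks, constant step."""
    if len(digits) % width or len(digits) // width < min_terms:
        return False
    nums = [int(digits[i:i + width]) for i in range(0, len(digits), width)]
    return len({b - a for a, b in zip(nums, nums[1:])}) == 1 and nums[0] != nums[1]

def date_tokens(d):
    """Common ways a date is typed into a password (assumed list, not exhaustive)."""
    return [d.strftime(f) for f in ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%d%m%y", "%Y")]

def check_password(password, personal_tokens=()):
    """Return rule violations ([] = all passed); personal_tokens come from the caller."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {"upper-case letter": string.ascii_uppercase,
               "lower-case letter": string.ascii_lowercase,
               "number": string.digits, "symbol": string.punctuation}
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    if has_run(lowered) or any(map(is_stepped_number, re.findall(r"\d+", password))):
        problems.append("sequential pattern")
    for token in personal_tokens:
        if len(token) >= 3 and token.lower() in lowered:
            problems.append(f"contains personal detail {token!r}")
    return problems

if __name__ == "__main__":
    # Constructed input: the article's example, with the birth date read as 4 Jan 1989.
    for issue in check_password("Simon01041989", ["Simon"] + date_tokens(date(1989, 1, 4))):
        print(issue)
```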
The complexity and demands of creating multiple strong passwords are actually part of the problem cyber-security pros face. As hackers get more adept at cracking passwords and hacking tools continue to proliferate, the need for more complex passwords continues to grow, until they become burdensome and unwieldy. The average worker is asked to create several of these over-the-top passwords for work, then a multitude more for personal use, making it exceedingly difficult to remember them all.
Because of this, a lot of computer users ignore the rule of using a separate password for each site and opt to just use the same one over and over. This behavior, in turn, puts them - and the company they work for (and its customers) - at greater risk.
One of the leading proponents of password alternatives is the forward-thinking tech giant Google, which is suggesting the use of a USB card called a YubiKey to access Google services - and eventually all devices.
Another password alternative that currently exists in certain devices (including doorknobs, vehicles, and even tablets) is biometric security. Biometric security involves using retinal (eye-scanning) or fingerprint analysis to authenticate that a user is who they claim to be. Since these features are unique to every person (even twins), short of chopping someone's hand off and lugging it around with you, they offer a pretty secure alternative to your typical password.
Computer Weekly discusses biometric alternatives, as well as voice-recognition authentication, in this terrific read on alternatives to passwords.
The password alternatives suggested by cyber-security analysts listed in this article are just the tip of the iceberg in terms of the technology that may eventually (and hopefully will) replace the outdated password authentication process.
Until then, however, always remember to stick to the rules for creating strong passwords. Not only will that protect your and your loved ones' valuable information, but it can also protect a vast number of other people if you work for a large corporation that stores sensitive customer information.