Your email. Your bank account. Your address and credit card number. Photos of your kids or, worse, of yourself, naked. The precise location where you’re sitting right now as you read these words. Since the dawn of the information age, we’ve bought into the idea that a password, so long as it’s elaborate enough, is an adequate means of protecting all this precious data. But in 2012 that’s a fallacy, a fantasy, an outdated sales pitch. And anyone who still mouths it is a sucker—or someone who takes you for one.
No matter how complex, no matter how unique, your passwords can no longer protect you.. (Wired Magazine: Kill the Password: Why a String of Characters Can’t Protect Us Anymore)
In a shocking article written by a person who can only be called a computer superuser, he explains why Internet security has finally become a myth
First off, most of us commit fundamental mistakes with passwords. Some people even use "password" or "123456" as their password. This means the bad guys hardly even have to guess. They'll try those first and be correct often enough to make it worth their while.
We're told passwords need to be long and random and include upper- and lower-case letters, numbers, and even punctuation to be safe, but with the processing power available using today's personal computers, cracking even elaborate passwords is possible.
And even where a password is long and effective at thwarting even automated guessing, the bad guys can simply get on the phone and trick a customer service person into giving it up. All they need is one or two facts about you. Sometimes the bad guys bluff their way into an account with no information at all! They change the password and then rummage around for information they can use to bluff their way in more easily to some of your other accounts.
One mistake many of us make (and sometimes are forced to make) is to log into some site using our Facebook or Twitter login. This linking of accounts has made it much easier for the baddies to take over or modify to their benefit everything you value online, obtaining credit card numbers, your bank account login and pin, If they are pranksters, they could log into your Facebook account and leave offensive racist or sexist posts.
Back to passwords for a sec. The usual advice was not to reuse passwords on multiple sites and to make them long and hard to guess. They also told us not to write them down. I'm reminded of that poster you often see in print shops: "You want it good and cheap and fast? Pick two and call me back." Even one long and elaborate password would be hard to recall without writing it down, but most of us have at least a half dozen sites requiring passwords. It's become impossible to follow the best password advice.
But what about fingerprint or iris scanning? They have a big problem. There are ways to copy and use them. If a crook or prankster figures out how to duplicate your fingerprint or iris pattern, you're screwed. At least you can change a password.
Even if all that stuff worked, there are so many ways to go around the front end straight to back end of a computer system. A baddie can install software to record information over a period of time that could be short or long and then use that information to the detriment of one or hundreds of thousands of people. For example, it could collect credit card numbers given to an online merchant and then sell them to the highest bidder or, if he's a prankster, dump them on any of the sites where password trading goes on.
You can find out more about this topic by pursuing the link following the italicized paragraphs at the top.
If anybody cares, my password is: nqwfjnw]rep-9rucnfr of[0chi,]r.e-doaespkjvf dk34-0if clrf'b[l rt09u[er90938crn r8 w}ew0x2394e8rmxqw[[ixm5tnrnn3w]superfragilisticexpialidocious
I developed a password generation technique and wrote a paper about it in grad school. The method generates a strong password that is unique to each system you use. Best of all, the passwords are impossible to forget because you don't know them yourself. You only know how to reproduce them.
GM I'd like to know how this works. Creating passwords is one of those things that taxes my creative imagination and a necessary evil.
The password generation? yes it did. Smart technique :)
That is pretty ingenious, and I'd hazard that just one shape made this way would be a better password than most other passwords. But then this comes to mind.
Nice, would love to see some code for it. Another way I saw a few months back on Hacker News was to take a password, append a few letters from the name of the site or service you want the password for, like a salt, and hash it.
Found it - Vault
In the future, effective passwords will require a mix of upper- and lower-case letters, numbers, punctuation, and at least one each of characters from Sanskrit, Hebrew, Arabic, and Cyrillic alphabets combined with a scrotum or vulva scan and the recitation of Lincoln's Gettysburg Address in phonetically correct reverse order.
Or a mix of biometric measures and passwords/passphrases
Me too, Gallup's Mirror - I'd like to know anything I can understand (sorry to limit you in that way). However, if you need me to abandon Windows, then that will be a slow painful experience for us both!
My eyes glaze over whenever the "solution" to any computer problem turns out to be switching away from the most widely-used computer OS around, having to learn a bunch of new apps to do what I have already learned to do efficiently, and all to exist on what might as we be another planet.
Bloody hell, I'm so close to being convinced...