
The Biggest Threat To Your Online Security Is...You

By Jonathan Strickland | Wed Nov 25, 2009 12:09 PM ET

When I think of computer security vulnerabilities, I imagine a hacker crouched over a keyboard as a single drop of sweat slowly slides down her face (hackers tend to be female in my imagination -- I blame Joss Whedon for that). The hacker furiously types randomly until the blinking words "Access Denied" switch to "Access Granted." Then there's a commercial break.

As it turns out, reality isn't quite so cinematic. Hackers don't, as a rule, need to go to such lengths to crack passwords. That's because most of us fail to follow good security habits. A recent article on PhysOrg cites a study that found people are the weak link in computer security.

This should come as no surprise to anyone who pays attention to security reports year over year. For example, this article by SearchSecurity editor Edward Hurley says much the same as the recent study. The main difference is that the SearchSecurity article is from 2002. 

Here's the problem: We're lazy and we have lousy memories. Creating a unique, strong password for every site isn't easy. Strong passwords should be at least eight characters long. They shouldn't include nicknames, pet names, anniversary dates or other data that has an actual meaning. You should always avoid picking real words when creating passwords. Definitely don't do what some of the 34,000 MySpace users surveyed in 2006 did and choose "password" as your password. It turns out that's not very secure. 

If you want to follow experts' advice, you'll need to create a password that combines letters (in both upper and lower cases), numbers and symbols in a non-meaningful way, assuming the site or service you're using allows you to do so. A good strong password might look like this: e$4WruX7. Now create a unique password for every site that requires one. Now change each password at least seven times a year. Congratulations, you're both extremely secure and probably a robot!

Sadly, humans aren't good at remembering non-meaningful strings of letters, numbers and symbols. We're also more likely to use the same password or small collection of passwords for every site we visit or service we use. Using unique, strong passwords might require you to write down all your passwords, which creates another potential security vulnerability. Misplace your cheat sheet and you're toast.

I'm not sure there's an easy solution to this problem. One possible way to address the issue is to use biometrics. It's harder to fake a fingerprint than it is to guess a weak password. But that means we'd need to depend upon special hardware to scan biometric input. What happens when that hardware breaks or has a glitch? 

Personally, I'm looking forward to the singularity. By then, we'll either evolve beyond the need for passwords or our robot overlords (oops, I mean protectors) will remove our sense of individuality. Either way, by then I won't have to remember that my own favorite password is "12345."


Photo credit: (c)iStockphoto.com, dcdp
