Earlier this year, Wired Magazine writer Mat Honan had his entire digital identity stolen from him when hackers cracked his email password and then systematically took over all of his cloud and social media accounts.
Mat writes of his experience on Wired and proposes it’s time to kill the password.
The problem with Mat’s proposal is that he doesn’t suggest an alternative.
The age of the password has come to an end; we just haven’t realized it yet. And no one has figured out what will take its place.
Every alternative authentication method to passwords has flaws just as serious, if not worse. Many are plainly impractical.
All of them, including passwords, have the common weakness that those holding the information can’t be trusted either – one of the greatest ways for passwords to get into the wild is when incompetents like Sony give them away.
Security is evolving; in the meantime, we need to keep in mind some basic rules.
- Use different passwords for different accounts
- Only access accounts from trusted and up-to-date computers
- Create strong passwords for accounts that matter, like online banking and email
- Strong passwords are multiword phrases
- Use two-factor authentication if it’s available
- Don’t link unnecessary social media and cloud accounts together
- Be very careful
We should also remember that a skilled, motivated hacker will probably break into your account regardless of your computer security. In this respect it’s no different to the physical world where a determined criminal will get you regardless of the locks and alarms on your house.
It’s also important to remember that security is more than just evil hackers; data can be damaged or given away by a whole range of means, and people breaking into systems is only one risk of many.
Computer security is an evolving field and while it might be premature to declare the password dead, we’re going to see big changes as we try to lock down our valuable digital assets.