Password Security is Hitting the Headlines
After years of languishing at the bottom of everyone’s priority list, password security has finally become a ‘hot topic’ and a matter of discussion from the halls of academia to middle schoolers. This week we’re taking a look at three stories that moved the needle on improving password-based security or, in the case of Yahoo, on encouraging users to ditch the password altogether.
11-Year-Old Sells Passwords for $2 Each
This week Ars Technica reported the story of a sixth grader in New York City who has started her own cryptographically secure password company. Using dice theory – a system of rolling dice, assigning words to numbers, and generating truly random passwords – 11-year-old Mira Modi is bucking the trend among the youngest generation of online users by putting security above all else. Modi notes that “her circle of friends…pick[s] simple passwords for their social media accounts [and] routinely share[s] them with each other.” To further add to her security credentials, Modi sends the passwords by old-fashioned mail and doesn’t retain any copies. She reminds customers on her site that “US Postal Mail…cannot be opened by the government without a search warrant,” ensuring that, at least on her end, security AND privacy are assured.
The Poetry of Passwords
If random passwords or passphrases are causing your brain to short circuit, researchers at the University of Southern California (USC) are suggesting passpoems as an alternative. A brief couplet more than exceeds the requirements of strong passwords as defined by most sites. However, the researchers, Kevin Knight (a senior research scientist at USC’s Information Sciences Institute and a professor in its Computer Science Department) and Marjan Ghazvininejad (a Ph.D. student at the institute), warn against choosing an existing couplet because it will lack truly random characteristics and be easier to crack. Interested in reading more or perhaps generating your own random passpoem? The full article first appeared on NPR’s All Tech Considered.
Yahoo Asks Users to Ditch the Password
Last week we noted Apple’s smart move towards more robust security through two-factor authentication (2FA). Well, it seems that Yahoo is making a similar move to ditch the password and improve security in the process. Glenn Fleishman reported on Macworld that Yahoo is using an app, Account Key, to promote its security cred and distinguish itself from other services. Besides simplicity for the user, the biggest virtue Account Key brings is that, in the event of an attack or breach, it creates a limit: the hacker can’t accumulate a “pile of passwords,” and it eliminates the possibility of a remote attack. In order to execute an attack, the hacker must be close enough to you to steal the device associated with the Account Key. As with Apple’s 2FA solution, there are always improvements that can be made, but in terms of an entry-level consumer solution this is another huge development in the online security space.
NBC’s Tom Costello Talks Password Security
NBC’s Today Show is doing a great public service through its series, Hacking of America. By giving you a short cyber security tutorial with your morning coffee, Tom Costello and the Today Show team are making an issue that has often confounded everyday users accessible to even the least technologically savvy person. In this installment, Costello takes a look at password security and offers some sound advice on how to boost the integrity of your password without making it so complicated you can’t remember it. To see what he has to say about improving your password security and why you might consider lying in response to the challenge questions, watch this short video.