SECURITY

Password Hacks (Part 3) - Alternatives to passwords

8/11/2012 11:08:54 AM

Alternatives to passwords

So what can be done and are passwords really necessary? We can look here to banks, which tend not to rely on the usual username and password combination and often employ ever more elaborate ways of letting you access your money.

Take HSBC, for example, which uses what's called a Secure Key. When logging on, you have a unique, long number which, strangely, can be remembered by the browser, but the next step is to input the answer to a question you set up when generating the online account. The next step is the most secure. Using your calculator-style Secure Key, you input your PIN. This generates a code that you have to enter into a box. And you have to be quick because the code is time-sensitive, with the computer system knowing what will be a valid code for that moment.


The Secure Key has a clock built in, synchronized with the clock on the bank's computers before it's sent out. It also has a unique serial number allocated to it, which is only known by the bank. The PIN is only known to you. And the answer to the question should also only be known to you, as should the initial user ID. Only when you have all of the information and the Secure Key to hand can you actually get in. It may be a pain at times, but it works. And this is an example of a time-synchronized password that can only be used once.

Sticking with banks, some ask you to input certain characters from your password, which enables them to block bots that may try to infiltrate the system by inputting a username and password automatically. To be asked for the first, third and sixth letter, for example, makes automation impossible, so a hacker would have to enter it manually.


A Pass-Window system is also effective. It places a unique key pattern on a transparent section of an identity card. This has to be held over a generated pattern image on a display and, when it is, a series of digits is shown that can then be entered as your single-use password.

It could be that, in future, webcams are used to log us in. They could read our eye's biometric data. Fingerprint scanners would also ensure only the user could gain access, but this means having extra, costly hardware. Other hardware solutions include using portable storage devices, which need to be plugged in when gaining access to a server, but again they can be cumbersome.

Non-text-based passwords could work well. Instead of remembering words, they require you to click on images in a set pattern that only you know. Swiping technology such as that on phones also avoids passwords by recognizing a particular pattern. If you don't swipe across a screen in the exact right way, you will not be allowed in.

And yet for all of this, one of the major issues people have is username/password fatigue, where it seems you are forever trying to remember combinations and tapping in information just to get simple data. It's why so many people use the same username and password for many sites or even write them down. They are seen, for large numbers of people, as barriers. It may be lazy, but there are reasons why people allow browsers to remember their passwords, yet it's fair to say they are hardly helping themselves.


Banks put in extra measures to save their own skin. They know that someone who has compromised their own password could end up costing them money when a claim is made against them.

For most sites, though, the username and password works very well and while hacking is an ever-present problem, regularly changing passwords and not having the same one for multiple sites is always a good security device.

It's true that we're not going to see an end to hacking and no matter what system is put in place there will be people trying to find a way in. All we can do is figure out ways of making it harder for thieves and perhaps do more than Mr Chow and make the password as complicated as possible. They make you "add number" for a reason and the more complex the better. Together we can beat the criminals or at least give them a damn good headache.

Data blast

· On average, men store $2776 on games consoles or tablets. Women store $257.

· Career information stored on digital devices is worth an average $1047.

· A huge 72% of people have personal information stored on their digital devices.

· 41% of people say they store from $79 to $798 on their digital devices and 27% store between $784 and $7978.

Source: McAfee
