We have seen large password hacks recently including: LinkedIn, eHarmony, and Yahoo. Hacks so large some in the industry call this the Password Wars. Unfortunately for the general public—we are losing. However, before the trumpets play, let’s give them a fight. Our feature blogger Darren Leroux has touched on this subject before and inspired me to really take a look at innovations that may change the way you secure your information.
Suffice it to say, passwords have run their course and are becoming easier to crack. Technology grows at an intense rate and the intelligence of the technology that is commercially available today is very high—perfect weapons of destruction for the resourceful hacker. A blog site, Ars Technica, explains how, “a PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them.“
Even though, theoretically, passwords are supposed to be random, due to the human thought process of online users, the passwords follow a certain pattern. Humans are, of course, creatures of habit. Some of these tendencies include capital letters at the beginnings of passwords and numbers at the end as seen in the notorious RockYou hack in 2010.
So who is fighting for the home team? I am interested to see what may come out of FIDO alliance (Fast Identity Online)—a consortium of vendors looking for alternatives to password protection. The alliance looks for innovative techniques that employ simpler, stronger authentication.
Some current alternative authentication techniques being developed include:
- Google’s Ring-like Physical Token –A USB-based token authentication technology. To gain access, the user plugs it into their device and launches the Chrome browser which in turn automatically logs him/her into his/her Google account by virtue of the token being detected. Rumours on the blogosphere speculate that these tokens will be ergonomic and possibly wearable.
- DARPA’s Active Authentication scheme—creates an authentication system that tracks how the user uses their device; after which these patterns are analyzed and a fingerprint is created off of that. This technology is still in its initial stages of research but looks promising. It may analyze the length of time for which keys are pressed, the style of language of the user and patterns in the mouse usage. Perhaps it’s my paranoia regarding the idea of “Big brother”, but I’m excited to see what secondary benefits a technology like this may contribute to innovation and data mining.
- Two factor authentication—this method adds another level of security that combines your password and an additional authentication mechanism (like a one-time code that is sent via text message).
This is an interesting area of research spawning during an era of dwindling password security. Nonetheless, train yourself and your colleagues to, at minimum, create better passwords till these innovations get modernized.