Books written by Ray Sullivan

Sunday, 2 June 2013

Password Security Hard To Swallow

Passwords have to be the bane of modern life.  Along with Personal Identification Numbers (PINs) they must rank amongst the most evil of the necessarily evil  inventions known to mankind. 

Take PINs first - there's no end of people queuing up to take mine, judging by my spam folder.  I wouldn't mind, but I've just had one of those reminders from the bank - you know the one, asking who is banking with who?  Anyway, for something that has a mere ten thousand combinations, they don't half create some mayhem. 

We're encouraged to either use the number combinations provided by the card providers or to create our own while complying with some basic rules.  The first rule is to use the numbers provided by the card provider, for the simple reason that any guessable number combination is a pure coincidence.  To be fair, they are right and that's the best way to gather your card numbers, because mangling up your pet dog's date of birth is bound to become compromised sometime.

But we have so many of these darned cards these days and trying to remember all the relevant numbers for all of them is an almost impossible task.  In fact I tend to remember the shape rather than the numbers, so don't bother holding me up at knife point.  I might be able to draw you the PIN, if you get my drift, but it makes a mugging more like a game of Pictionary.  The weirdest number situation I found myself with a few years ago was two independent PINs sent by two separate banks that were identical.  I did run with those cards using the same PIN for a while, but inevitably one got compromised on PayPal and I forgot the other so now they are two completely different number sequences rattling around in my head along with all the others.

Then there's passwords.  General wisdom is at least eight characters, letters in mixed case, numbers and symbols, preferably a completely random collection.  Don't even think of writing them down anywhere, even in a code that GCHQ would struggle to crack, otherwise anything you use the password for is compromised and any losses are yours to absorb.  Don't forget to have a different password for each and every website you pass by now and then, plus your computer log in, that's right, those at work and at home.  And do change them at least once a month without reusing any.

I hate to point out that there are a finite number of such 8 digit passwords in the universe and currently I've used about half of them.

Google thinks there's a better way - well it seems clear that there are few worse options.  They've developed a tablet that interacts with your stomach acids to create a battery - that bit probably isn't too difficult although FDA registration is likely to be a bitch - they insist on a lot of documentation for anything like this.  I don't know if Google have considered the paper chase, but at least they've cracked the security, which is another FDA requirement.  Once the battery is up and running the pill uses the electricity to power an 18 bit code that can be used as a wireless password.  I'm guessing the pill interacts with some other part of the body's chemicals to create a unique signature but Google are being a little sketchy about that.  They don't mention how long the pill lasts for, either.  I don't fancy becoming a pill popping techno geek.  I don't even know what made Google think about Android tablets in the first place.

If popping pills isn't your idea of authentication fun - that sounds like some sort of adult party concept - then they've developed a method of authenticating using a tattoo.  For goodness sake, one minute we're told not to write the flipping things down, now Google want us to have them permanently painted on our ankles or butt.

Neither of these ideas is likely to feature in Google Android releases any time soon, according to the company - phew, I'm not sure I want 8 random letters, numbers and an obscure symbol that means infinity minus the number of cornflakes in my bowl this morning tattooed on a secure part of my body any more than I want to pop a pill every time I want to log onto my work account.

But Google do have one thing right in that we need to move on from collections of letters and numbers to authenticate our computers.  Conceivably our data is now more valuable than our savings and anyway the passwords and PINs give access to those anyway.  I'm not convinced I'll be slipping pills down my gullet any time soon but at least Google's thinking outside of the (pill) box.

