By Jason Nisse
I recently signed up for an online service from a leading firm of
financial advisers. It allows me to check on my pension, transfer funds
in and out, view my investments, deal in shares, check the football
scores, make tea and probably reach Nirvana. Or it might do if I could
For security reasons, you need three different passwords and I have as
much chance of remembering all three as Ming Campbell has of becoming
I could write them down on a piece of paper, but I've been cowed into
submission by the online nannies who say that this is not something you
should do, for fear of it falling into the wrong hands. Yet I bet that
this security breach is committed every day.
And why? Because the plethora of electronic devices and services we need
for everyday life mean we have too many passwords and pin numbers to
On an average day I need to remember umpteen different chunks of
otherwise useless information. I turn on my mobile phone - it needs a
password. I get to work and my computer needs a password. At a former
job, my computer needed two passwords, one of which had to be changed
every month and could not have any characters in common with the
previous month's password.
Like many people in Britain, I have two bank accounts. One needs a
five-digit number and a password; the other a six-digit number and a
memorable place name. I have an online savings account that needs a
different password from the password for my bank account.
I could also check my credit card account, but that needs a different
password entirely. The same is true for my mortgage account and my
mobile phone bill. Some of these passwords have numbers in them, some
don't. Some have to have capital letters, some don't work if you use
Even if you never use a computer, you can be hit by the password
overload. Look in your wallet. You probably have four or five credit and
debit cards. In these days of chip and pin, these are virtually useless
if you do not have the magic four-digit numbers.
The banks tell you not to have the same number for all your cards. Give
me a break. Am I going to carry five different random four-digit numbers
in my head? After all, I'm not Good Will Hunting.
I've tried systems to help me remember - such as using the names of
Arsenal players (that fell down when they were transferred), favourite
films or members of my extended family; but none seems to work. So what
is the solution?
If you are a bit of a technical whizz, you can download a "password
safe". These are programs that store all your passwords so they can be
used for accessing sites. The problem is that you can only really use
this on one computer, ideally your home one, and if that gets stolen you
are in trouble.
Some of the high street banks are starting to offer customers a
"dongle", which is a portable password device that plugs into your
computer. This is essentially an electronic version of writing the
password down on a piece of paper, though it is supposedly secure from
The problem is that dongles cost money and if the one your bank gives
you doesn't let you store other websites' passwords, you could end up
carrying a dozen dongles in your pocket.
I asked a few pointy-headed computer security experts for advice and
they steered me in the direction of "public key encryption". I'm not
going to try to explain what this is, short of it being a mathematically
devised formula that gives you unique codes that link to other codes on
a website you want to access - if they fit, you are let in, as if you
had a key to a door.
This is monitored by a "trusted third party" - essentially a computer
that acts as a gatekeeper between your computer and the website's
In other words, instead of trusting your own faltering brain, you need
to put your trust in a computer to manage your passwords for you.
Unfortunately, I'm still scarred by The Terminator, the Schwarzenegger
movie in which machines begin thinking for themselves and start waging
war on the human race. Except that in my imagination, they're smarter.
They will simply raid our bank accounts, buy smart cars and take swanky
holidays in the Maldives.
Putting all your cash in a box under the bed never seemed so attractive.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com