AOH :: ISNQ4365.HTM

So many passwords, so little memory




So many passwords, so little memory
So many passwords, so little memory



http://www.telegraph.co.uk/opinion/main.jhtml?xml=/opinion/2007/07/30/do3004.xml 

By Jason Nisse
30/07/2007

I recently signed up for an online service from a leading firm of 
financial advisers. It allows me to check on my pension, transfer funds 
in and out, view my investments, deal in shares, check the football 
scores, make tea and probably reach Nirvana. Or it might do if I could 
access it.

For security reasons, you need three different passwords and I have as 
much chance of remembering all three as Ming Campbell has of becoming 
prime minister.

I could write them down on a piece of paper, but I've been cowed into 
submission by the online nannies who say that this is not something you 
should do, for fear of it falling into the wrong hands. Yet I bet that 
this security breach is committed every day.

And why? Because the plethora of electronic devices and services we need 
for everyday life mean we have too many passwords and pin numbers to 
remember.

On an average day I need to remember umpteen different chunks of 
otherwise useless information. I turn on my mobile phone - it needs a 
password. I get to work and my computer needs a password. At a former 
job, my computer needed two passwords, one of which had to be changed 
every month and could not have any characters in common with the 
previous month's password.

Like many people in Britain, I have two bank accounts. One needs a 
five-digit number and a password; the other a six-digit number and a 
memorable place name. I have an online savings account that needs a 
different password from the password for my bank account.

I could also check my credit card account, but that needs a different 
password entirely. The same is true for my mortgage account and my 
mobile phone bill. Some of these passwords have numbers in them, some 
don't. Some have to have capital letters, some don't work if you use 
capital letters.

Even if you never use a computer, you can be hit by the password 
overload. Look in your wallet. You probably have four or five credit and 
debit cards. In these days of chip and pin, these are virtually useless 
if you do not have the magic four-digit numbers.

The banks tell you not to have the same number for all your cards. Give 
me a break. Am I going to carry five different random four-digit numbers 
in my head? After all, I'm not Good Will Hunting.

I've tried systems to help me remember - such as using the names of 
Arsenal players (that fell down when they were transferred), favourite 
films or members of my extended family; but none seems to work. So what 
is the solution?

If you are a bit of a technical whizz, you can download a "password 
safe". These are programs that store all your passwords so they can be 
used for accessing sites. The problem is that you can only really use 
this on one computer, ideally your home one, and if that gets stolen you 
are in trouble.

Some of the high street banks are starting to offer customers a 
"dongle", which is a portable password device that plugs into your 
computer. This is essentially an electronic version of writing the 
password down on a piece of paper, though it is supposedly secure from 
hackers.

The problem is that dongles cost money and if the one your bank gives 
you doesn't let you store other websites' passwords, you could end up 
carrying a dozen dongles in your pocket.

I asked a few pointy-headed computer security experts for advice and 
they steered me in the direction of "public key encryption". I'm not 
going to try to explain what this is, short of it being a mathematically 
devised formula that gives you unique codes that link to other codes on 
a website you want to access - if they fit, you are let in, as if you 
had a key to a door.

This is monitored by a "trusted third party" - essentially a computer 
that acts as a gatekeeper between your computer and the website's 
computer.

In other words, instead of trusting your own faltering brain, you need 
to put your trust in a computer to manage your passwords for you.

Unfortunately, I'm still scarred by The Terminator, the Schwarzenegger 
movie in which machines begin thinking for themselves and start waging 
war on the human race. Except that in my imagination, they're smarter. 
They will simply raid our bank accounts, buy smart cars and take swanky 
holidays in the Maldives.

Putting all your cash in a box under the bed never seemed so attractive.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods