
Long live the password

Passwords are the bane of our lives; so many of them to remember and they're becoming increasingly complex, yet they're still being hacked.

Jaco Botha, Senior Product Manager, Parsec.

As useful as they are, passwords are also often a weak point in our security systems. And studies have shown that people today are no better at managing passwords than they were 50 years ago. All too often people use their birthdays or the names of their pets or family members as passwords, which is why systems are now demanding that uppercase characters, symbols and the like be incorporated into passwords. The downside of this is that passwords are becoming increasingly tricky to remember.

Studies have shown that users tend to use the same passwords for several accounts. Some studies indicate that users share five to six passwords across more than 100 sites. And often these passwords are years old. In fact, the word 'password' is used more often than you'd like to know, as is 'qwerty' or even the good old '123456'. Remember, the easier it is for you to remember a password, the easier it is for a hacker to guess.

Which brings us to second-factor authentication. You should use it. Simply put, it combines your password with a second verification step, such as an SMS verification code sent to your mobile phone. This is a pretty secure way of keeping your accounts safe; after all, the banks use it. It's still not perfect, though: there have been instances where employees of cellular telecommunications companies have colluded with bank employees to clone clients' SIM cards, thus gaining access to their personal banking information.

The smarter criminals become, the more inventive we have to become in order to protect our data. Have we come full circle and returned to a physical key that only we have in our possession and that can't be copied? Parsec Senior Product Manager Jaco Botha believes so.

Botha says, "Instead of a key as most people know it, I'm talking about a physical USB key that is personal to you that can store thousands of passwords that can be accessed using one master password. This enables people to choose more complex passwords without having to remember them - or write them down somewhere - because they're stored on a hardware key. A password vault, if you will.

"Such a key gives the user the ability to manage passwords easily and pick stronger passwords. And since you store them electronically, you should be able to select more complex passwords."

But when everyone and everything is moving to the cloud, why does it make sense to store your passwords on a physical key? Botha explains: "A popular approach is to store your passwords in the cloud. Whether the passwords are encrypted or not, we perceive that as a risk - there have been recent cases of password leakages. The cloud simply has a bigger attack surface. We believe you should store your passwords on a device that is personal to you and even if it's stolen, can't be accessed.

"This method brings security back to the individual as the physical key can't be targeted by the millions of hackers around the world who are trying to access online passwords stored in the cloud, as the attack surface is that much smaller."

Another advantage of a hardware key is that it can be used in second-factor authentication as supported by a new standard called U2F, developed by an organisation called FIDO (Fast ID Online). This standard is widely supported by the likes of Google, Dropbox and Facebook. It allows users to enable second-factor authentication that uses a USB key as the second factor, instead of sending an SMS to your mobile phone, for example.

Botha says: "You can set this second level of security to kick in only when you log in from a new computer, or every single time you log in, depending on how sensitive the account is that you're accessing."

So it seems that the surge in cybercrime is driving us back to the physical key, albeit one that incorporates state-of-the-art technology, to protect our digital identity and assets.
