If you think a jumble of letters and numbers can keep you safe online, think again. The password as protector against internet intrusion is all but dead, fatally crippled by human fallibility and the forces of crime, malice and mischief arraigned against it.
Since Bill Gates warned in 2004 that passwords were nearing the limits of their utility, the idea that even ''strong'' passwords can ward off cyber marauders has been exposed as delusion. Millions of customers of big web brands such as Sony PlayStation, Yahoo!, LinkedIn, Gawker, Evernote and eHarmony have had their login details stolen or posted online.
''We have pretty well established that passwords don't really work,'' says Graham Ingram, who manages the University of Queensland's Australian Computer Emergency Response Team. ''The problem is we don't have a viable alternative. You are not protected and frankly you can't protect yourself.'' Hack methods have become so sophisticated that ''for most people it is a matter of time before they get done''.
Free online software tools that use algorithmic search programs to automate password cracking are so accessible, effective and quick that ''any idiot can do it'', wrote Wired senior writer and hack attack victim Mat Honan.
Using the same password for several accounts is the biggest mistake but most people make it, Mr Dyson says. In time passwords will become just one of several account locks. Increasingly, organisations such as eBay and Amazon and banks require two-step verification, where you enter a code sent to your mobile or a pre-issued security token to complete the login.
Read more: Cracking up: why 'password1' won't keep you safe online from cyber criminals and hackers
No comments:
Post a Comment