Thursday, October 22, 2009

Password Security


Newsweek has published an insightful discussion of passwords, which it calls "the weak link in computer security." The author, Nick Summers, reveals that he created a password a number of years ago and kept using it "as the requirements for passwords evolved ... [he] added extra nines, cobbled on a question mark, and blended it with [his] alternate password." The result of all this tweaking was a password that would access Mr. Summers's laptop, email, bank accounts, blog, work PC, health insurance, Facebook, Skype, Snapfish, Hulu, tax returns, "and at least 39 other sites across the Internet." After making this confession, Mr. Summers is quick to note that he is changing his password.

The point of Mr. Summers's confession is to highlight how vulnerable passwords are and to showcase CyLab, Carnegie Mellon University's cybersecurity-research department. CyLab doesn't just study the "mathematical theory behind passwords but the way humans actually use them." The CyLab researchers are exploring a number of different approaches to computer security, including biometrics, cryptography, "strong" passwords, security questions, one-time passwords generated by special devices, and image-based passwords. The author feels that for the short term, passwords, flawed though they are, are the most feasible option for computer security. Unless there is a major security breach, corporations and other institutions are unlikely to invest in innovations that would likely be very expensive.
