Passwords - are we moving in the wrong direction?
What’s wrong with a good old password? A memorable word or phrase, with a capital letter, a number or two and maybe an exclamation mark.
It’s worked well for years, and apart from the odd email asking you to change your password because of a security compromise, there aren’t many of us who have been let down by them.
But not everyone seems to think they’re cryptic enough.
Not too long ago, TSB announced that they would be the first bank in Europe to introduce iris recognition. This meant that customers would be able to transfer money and pay bills with just a single glance.
It sounds good. I mean, who could possibly have access to your iris?
Well, try the millions of people around the world who can see your Facebook profile photo in just a few clicks.
Yes, a German hacking group called Chaos Computer Club managed to trick the iris scanner on a Samsung device with a photograph and a contact lens.
They’re the same group that first fooled Apple’s Touch ID system on the iPhone 5S. In that instance, it was done with wood glue, graphite powder and a laser etching machine.
But why is it that we want more and more advanced ways of accessing things if it can be proven that they’re not completely safe? Are we simply becoming obsessed with technology and the new and different things it can do?
I have to admit I do get a little bit excited when I visit a gym and instead of 20p or a padlock, the locker requires my fingerprint to lock it. It just seems so much more advanced.
But when it comes to digital security, if we can get it right we may just be better off sticking with the old-fashioned way of doing things. At the end of the day, your password is a secret committed to memory, but how you look isn’t.
How to choose a safe password (and keep it safe)
Statistics from Ipsos MORI show that only 35% of people in London follow the Government’s advice to use strong passwords. According to Norton internet security, there are a number of ways you can make sure you choose a secure password.
1. Use a combination of uppercase and lowercase letters, symbols and numbers.
2. Don’t use commonly used passwords such as 123456, the word “password”, “qwerty”, “111111”, or a word like “monkey”.
3. Make sure your user passwords are at least eight characters long (this makes them more difficult to guess).
4. Don’t use a solitary word in any language as hackers have dictionary-based systems to crack these types of passwords.
5. Don’t use a derivative of your name, the name of a family member or the name of a pet. Also don’t use phone numbers, addresses, birthdays or National Insurance numbers.
6. Don’t use the same password for lots of different websites. If remembering multiple passwords is an issue, you can use a password manager such as Dashlane or LastPass to securely store your passwords.
7. Use abbreviated phrases for passwords, and add punctuation, spaces or symbols.
8. Don’t write your passwords down, share them with anyone or let anyone see you log into devices or websites.
9. Change your passwords regularly.
10. Log out of websites and devices when you’re finished using them.
11. Don’t save your password to a computer’s browser; instead, rely on committing it to memory.
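
Rules 1 to 5 above can be checked automatically when a password is chosen. The following is an added example, not part of the original article: the function names, the small WORDS list (a constructed stand-in for a real dictionary) and the substitution table are assumptions. It shows why rules 1 and 3 alone are not enough: "Monkey1!" satisfies both but is still a decorated dictionary word.

```python
import re

# Passwords the list above names as too common (rule 2).
COMMON = {"123456", "password", "qwerty", "111111", "monkey"}
# Constructed stand-in for a real dictionary wordlist (rule 4).
WORDS = COMMON | {"dragon", "sunshine", "football", "welcome"}
# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")


def normalise(text):
    """Lowercase, undo simple substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, personal_terms=()):
    """Return the rules (numbered as in the list above) that the password breaks."""
    problems = []
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("rule 1: mix uppercase, lowercase, numbers and symbols")
    if password.lower() in COMMON:
        problems.append("rule 2: commonly used password")
    if len(password) < 8:
        problems.append("rule 3: shorter than eight characters")
    # Drop trailing digits and symbols so "Monkey1!" is compared as "monkey".
    core = re.sub(r"[^A-Za-z]+$", "", password)
    if normalise(core) in WORDS or normalise(password) in WORDS:
        problems.append("rule 4: a single dictionary word, however decorated")
    flat = normalise(password)
    for term in personal_terms:
        # Very short terms are skipped to avoid matching by accident.
        if len(term) >= 3 and normalise(term) in flat:
            problems.append("rule 5: contains personal detail")
            break
    return problems
```

The personal_terms argument is where a sign-up form would pass the user's name, pet's name or birthday, so that rule 5 is checked against details the service already holds.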