- I am one of those people that can't use touch screens. I haven't seen a good explanation of why this is, but the supposition in the world is either that there is too much moisture on the tips of my fingers or that I produce an electrical current that interferes with the screen's software. Since I drain watch batteries in a matter of weeks, I am inclined to go with the latter. Either way, drawing on a screen with my finger seems like a crummy idea.
- If you're sitting in a room full of people, it is MUCH easier to watch the large drawing motions on a screen and memorize them quickly than it is to memorize a difficult-to-see, typed password. People memorize things in pictures, so it seems only natural that cracking passwords by watching people with this new picture password would be very easy.
Over the holidays, every online purchase I made presented me with a customer form. Every time you start a new job, you need to select log-in credentials. They all want a unique password. Some of them will then present you with a list of security questions - supposed reminders to get your password. Hands down, these are ALWAYS the WORST set of questions imaginable.
Either:
You get a list of questions about what your favorites are (like those don't change??)
OR
You get a list of information that anyone looking in the hall of vital statistics could get for free. In fact, dexonline.com and MyLife.com both list most of this information about a person for free - online.
Some of the worst questions I've seen are things like:
"What High School did you attend?"
"What city were you born in?"
"Use your secure identifier (i.e. your ZIP Code and the last 4 digits of your SSN)"
or the ubiquitous, "What's your mother's maiden name?"
To make matters worse, every site is now merging all of their sign-on security with Facebook, LinkedIn, or Gmail.
Yes, it's more convenient.
No, you don't have to remember more than one password. (Not that it usually matters because most of us only use a handful of passwords for everything).
But, seriously: how much information do you want accessible with one hacked password?
Experts say the best security has three parts: something you have, something you are, and something you know. Something you have might be a keycard or a fob of some sort. It is a completely random assignment to you as a person. Something you are would be a fingerprint or retinal scan - it is unique to YOU. And something you know would be your password.
Now, Windows has come out with a picture-based password system. If you haven't seen the TV ads for this yet, it works like this:
You pick a picture.
You outline or draw on it with your finger.
That outline is now your sign-in password.
It seems like something rather novel and cool, but I realized that it really isn't for two reasons:
I recently purchased a new laptop with a fingerprint scanner and I find that, not only is it very convenient to swipe my finger to log in, it is also much more secure in a room full of people. There isn't anyone who can guess your fingerprint from watching you type. It makes me wonder, though, why more websites aren't incorporating this type of security measure as an additional option to your account.
So, while we all wait for the retina scanner for our online bank account access, I recommend reviewing your passwords and changing them - at least once a year. Research by Graham Cluley has shown that using an abbreviated statement instead of a word; something like "NYR#3_ChPwd".
Just make sure it's something you can remember… without the Post-It note stuck to the side of your computer screen.