Monday, February 20, 2017

What's Your Password?

What's Your Password?
In the past, when I was helping users with computer issues, I used to ask that question all the time. If it wasn't taped to their monitor, they rarely hesitated to give me their password. That's okay, because I gave them something in return; technical support to help them get back to work.

But many people give out their password over and over again to complete strangers? That's exactly what happens when you sign up for some new online service and use the same password you use for every other online service where you have an account.

Why do people do this? Because it's impossible to use a different password for every single account you have online. How would you remember them all? There is a way, but more on that in a bit.

Because of the constant hacking taking place online, users are told that they must use a secure password. At least one letter, one number, one symbol, one upper case letter, etc. Most people adhere to those standards because they are forced to, but how many really use a different password for every account? One survey says that 55% of users use the same password for most, if not all, websites.

Are you really choosing a secure password? Here's a quiz from Carnegie Mellon University to see how much you know about choosing a hard-to-guess password.

Those other 45% must write all those passwords down, but that's another rule. Don't write your passwords down!

Eventually this issue will reach critical mass and chaos will ensue. What's the solution to this mess?

My laptop has a fingerprint scanner so I never type a password to login to Windows. Well, that's not true. Once I upgraded to Windows 10, the fingerprint scanner stopped working because HP did not support the upgrade so no drivers are available to make it work. A great idea while it worked. I'm the only one who could login.

Facial Recognition
A neat idea if you don't have tape over your webcam to keep people from spying on you. I used it for a while on an old Lenovo laptop, but it didn't work very well because the varying background behind me confused the software when I logged in from different places.

Badges, Random Number Generators, etc.
Many businesses use proximity badges that will log you in or out of a computer as you approach or walk away. This makes it easy for the user, but if they lose their badge, the possessor has access to the users account. Not very secure.

Other companies use credit card-sized cards that generate a code which you type into your computer. You use the code in combination with your password, so it doesn't solve the password issue. You can use this yourself if you use the Authenticator app on your smart phone and if the service you're logging into supports it.

When logging into Yahoo! on your computer, an app will activate on your smart phone and ask you to verify that you're logging in. A good move by Yahoo! since 1 BILLION accounts on the service were hacked. They were hacked again last week!

What's something easy that you can use today?

Using Multiple Secure Passwords
I now use the Dashlane program on my computer to generate a different unique and secure password whenever I sign up for a new service. It automatically enters my username and password on websites when I login so I don't have to remember them all. The service is free. For a monthly charge, you can use a companion smart phone app that will sync the account information to your smart phone. When you launch Dashlane on your computer, the program uses two-factor authentication and the Authenticator app, which makes it even more secure.

And, by the way, if a website has two-factor authorization, use it! Most will ask you one of those secret questions you see all the time. Try to choose something different for each website and don't choose one with an answer that might change. For example, don't use the favorite movie or musical act or anything else that might change over time.

The Future
CBS News Sunday Morning shared a new technology that uses your heartbeat to log you in. Actually, it uses your heart rhythm because everyone's rhythm is unique. Your Apple Watch or Fitbit might assist you when logging in someday. If you lose your device, it doesn't matter because no one else has your heart rhythm. But will the bad guys learn to record heart rhythms so they can be played back later in order to hack your account? Only time will tell.

So, What to Do?
Until the heart rhythm login becomes reality, I recommend to use Dashlane or a similar product. Many companies endorse this method for their users and since I've been using it, my life is much simpler, and I haven't been hacked yet... that I know of...

No comments:

Post a Comment