recommended reading

The password fallacy: Why our security system is broken, and how to fix it

JMiks/Shutterstock.com

For the few that haven't yet spotted technology journalist Mat Honan's story about his unfortunate hacking, here's the capsule version: What started as an attempt at his Twitter feed via an Amazon account security hole quickly escalated into several wiped devices, a gutted Gmail account, and devastating data loss, both personally and professionally. The terrifying tale ended on a cry for users to embrace Google's two-step verification, which requires a second level of authentication when accessing your Gmail. When James Fallows wrote about his wife's ordeal with a compromised account last year, he came to the same conclusion.

Sure, adding an extra lock would have spared both a fair amount of trouble, but there's a much bigger problem at hand. We're required to take downright ridiculous precautions to maintain our online security, and it's not sustainable. In fact, it never was. Our password system is broken, and it's about time we change it.

Let's take a little tally of where we've found ourselves, shall we? Studies show that we log into some 10 sites a day. Places that hold our most important data, like Gmail, Dropbox, and our bank, might ask us to jump through two tiers of password hoops in order for them to ensure our online security. Overall we're asked to hold keys to 30-40 sites in order to read the news, access our email, or book a haircut. For each of these sites, security analysts recommend using a unique string of 14-characters made up of letters, numbers, and special symbols. But remember: Computers are quick to guess dictionary words, your birth year, and numbers substituted for letters. No repeats allowed. Oh, and whatever you do, don't write anything down.

Who can possibly remember all those characters?

It's a nutty system, so we ignore it, spreading the five or six passwords that we can remember across every online interaction. But that's not a good solution. Connect our sites with shared login information, and we're risking enormous chunks of our online lives. As Steve Ragan, a journalist at The Tech Herald demonstrated in January, a free program and a $300 computer can crack more than 25,000 passwords in seven minutes. Perhaps XKCD said it best: "Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess."

Read the full story at The Atlantic.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    View
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    View
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    View
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    View
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    View
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    View

When you download a report, your information may be shared with the underwriters of that document.