recommended reading

The password fallacy: Why our security system is broken, and how to fix it

JMiks/Shutterstock.com

For the few that haven't yet spotted technology journalist Mat Honan's story about his unfortunate hacking, here's the capsule version: What started as an attempt at his Twitter feed via an Amazon account security hole quickly escalated into several wiped devices, a gutted Gmail account, and devastating data loss, both personally and professionally. The terrifying tale ended on a cry for users to embrace Google's two-step verification, which requires a second level of authentication when accessing your Gmail. When James Fallows wrote about his wife's ordeal with a compromised account last year, he came to the same conclusion.

Sure, adding an extra lock would have spared both a fair amount of trouble, but there's a much bigger problem at hand. We're required to take downright ridiculous precautions to maintain our online security, and it's not sustainable. In fact, it never was. Our password system is broken, and it's about time we change it.

Let's take a little tally of where we've found ourselves, shall we? Studies show that we log into some 10 sites a day. Places that hold our most important data, like Gmail, Dropbox, and our bank, might ask us to jump through two tiers of password hoops in order for them to ensure our online security. Overall we're asked to hold keys to 30-40 sites in order to read the news, access our email, or book a haircut. For each of these sites, security analysts recommend using a unique string of 14-characters made up of letters, numbers, and special symbols. But remember: Computers are quick to guess dictionary words, your birth year, and numbers substituted for letters. No repeats allowed. Oh, and whatever you do, don't write anything down.

Who can possibly remember all those characters?

It's a nutty system, so we ignore it, spreading the five or six passwords that we can remember across every online interaction. But that's not a good solution. Connect our sites with shared login information, and we're risking enormous chunks of our online lives. As Steve Ragan, a journalist at The Tech Herald demonstrated in January, a free program and a $300 computer can crack more than 25,000 passwords in seven minutes. Perhaps XKCD said it best: "Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess."

Read the full story at The Atlantic.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.