Passwords vs Us

For years computer users have been locked in combat - at work with controlling IT departments that stopped letting us use our pet's name as a password, and at home with online services from Facebook to banks all demanding a different password.

In the battle of us vs. passwords, so far passwords are kicking our butts! And that's not likely to change very quickly. The New York Times recently reported on efforts underway to ameliorate the password nightmare for most of us. There are many interesting ideas out there - touch sensitivity, biometrics, multi-layered passwords stored in diverse locations - but it won't be an easy road to achieve uniformity.

A bigger question is whether uniformity is even desirable. What if you could have only one password? And with it you could get into everything from Facebook to your bank account. You could trade stocks in your investment account online using the same password you use to play Words with Friends. Terrific, right?

Until you are hacked.

Single sign-on sounds like the Holy Grail of password protection, but it must be uncrackable, unhackable. A recent effort at retinal scans found they could be defeated by a high-res photo of the user held up in front of the camera. And fingerprints? Not all that hard to replicate if you really want to.

New efforts focus more on what makes us unique, and apparently we ARE all different in a thousand odd little ways. Like how much pressure you exert with your thumb vs. your forefinger when turning a virtual knob on a screen. Who knew?

While we're waiting for the next big thing, however, we are busy acquiring more technology and being more mobile. (Everyone who got an iPhone or iPad for Christmas, raise your digital hand.) With that mobility comes our demand that our files, our photos, our videos, our bank balances, our contacts, and yes, even our passwords, be available to us at all times. Apps make this easy and cloud storage makes it possible. But in the words of Spider-Man's Uncle Ben, "with great power comes great responsibility."

Once in the cloud, your information is at once more accessible and less safe. Relying solely on any online company from Apple to Dropbox to be responsible for protecting your identity is reckless. No company accepts any responsibility for your lost data (read the fine print), and even if they did, how could they compensate you for the loss of your identity?

Each user has to take some basic steps to protect their data and prepare for what happens if it is lost. Here are five things you can do right now.


  • Devise a password scheme that is harder to crack. No recognizable words. Use a number/letter interchange such as @ for at or 1 for an i. Have at least two variations because not all online services or systems will have the same password criteria. As a rule make your password more than 8 characters and always include a number. 
  • If you keep data in the cloud with services like Apple's iCloud, Dropbox, or Evernote, make a local backup on a regular basis. It is tedious and time consuming, yes. Most services do not provide an easy way to do this. And if losing everything in your Evernote account tomorrow wouldn't mean anything to you, then don't bother.
  • Read before you act. Every time you sign up for a service that asks for permission to access information, think before you click OK. What do they want from you and how will they use it? If you can't find out on their website or get an adequate answer from customer service, you might want to pass.
  • Do not store your credit card number on any online retailer's website. Yes, it is a lot easier not to have to fill it in each time you buy something. But it is also much less safe. Apple, Sony, DSW Shoes, Chase and Bank of America are just a few major online destinations that have been hacked for credit cards or personal information. The less you store online and the fewer locations you store it with, the safer you are.
  • Keep a hard copy of all your banking, investment and credit card information safe in your home or office (a fire-proof home safe is a great idea). Make sure you have your account number, any passwords or challenge questions you may have to provide and key information about the account. If you are hacked, your first step must be to cancel accounts quickly. Having critical phone numbers and account numbers in one place may help you minimize the damage.


No matter how reputable the web site or service, it can still be vulnerable to attack. Hackers are working just as hard as technology researchers on new password schemes and protocols. In the end, it's your data and you need to take the steps necessary to protect yourself if the systems you have conveniently relied on fail.