You’ve been hacked!

Security experts said that hackers could steal browser 'cookies' in Poodle attacks, potentially taking control of email, banking and social networking accounts.

Published Jul 31, 2011

So, how safe are you from hacking? Your bank account, e-mail and Facebook could all be accessed in seconds. Despite this, the almost laughably antiquated system of password protection has persisted in the internet age, securing our finances and personal details. These sequences of letters are usually recognisable words that are easy to remember and, we imagine, impossible to guess.

But we’re spectacularly unimaginative in our choice of passwords and, despite constant reminders that this represents a security risk, we carry on using them, reassuring ourselves that we haven’t been scammed thus far. But that’s a bit like wandering blindfolded around busy town centres and saying: “Well, I haven’t been hit by a car yet.”

But passwords will persist, not least because we are hugely resistant to anything more complex.

Whenever the news features security breaches, from celebrity Twitter accounts to personal data leaks, weak passwords are often to blame. Our laziness in this regard is revealed in statistics that would be hilarious if the implications weren’t so serious.

According to data from Mark Burnett, the author of the book Perfect Password, 98.8 percent of us share the same 10 000 passwords. Many online security systems are built to withstand repeated incorrect guesses but, if they aren’t, a computer could quickly zip through 10 000 attempts and gain access.

It seems incredible that “password” is still the most popular password. “5683” might seem at first glance to be a random passcode or PIN but it spells out “love” on the keypad, and that’s as much of a gift to hackers as the common password “iloveyou”.

So why are our passwords still so predictable? According to Burnett, the common advice we’re given – particularly to mix letters and numbers – is misguided. “People just aren’t as savvy as they think they are,” he says. “For example, many people try to be clever with passwords like ncc1701 or thx1138, but these are the ship number for the Starship Enterprise and George Lucas’s first film respectively, and they’re incredibly common. Rather than bothering with how many capitals, numbers, and symbols we have, we should make them longer.”

There are three ways a password can be compromised. The first is simply to ask us what it is. Social-engineering techniques can persuade us to give it up very easily, for example via a rogue e-mail purporting to be from a bank. The second is to have a guess, and as we’ve seen, 10 000 guesses will hit paydirt 98 percent of the time. The last is brute-force cracking, where all the potential combinations are laboriously worked through until the right one is chanced upon – and that’s where the length of password is crucial.

“If your password contains 15 characters or more, it no longer matters how random it is,” says Burnett.
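The two checks this advice implies, a denylist of commonly guessed passwords and a length-driven brute-force estimate, can be sketched as follows. This is an added example, not code from the article or from Burnett: the denylist is a constructed sample holding only the passwords named above, the 15-character threshold is taken from his quote, and all function names are hypothetical.

```python
import math
import string

# Constructed sample denylist: only the passwords the article names.
# A real deployment would load a full common-password list instead.
COMMON = {"password", "iloveyou", "ncc1701", "thx1138", "love"}

# Standard phone keypad letter groups (2=abc ... 9=wxyz).
KEYPAD = {ch: str(d) for d, letters in enumerate(
    ["abc", "def", "ghi", "jkl", "mno", "pqrs", "tuv", "wxyz"], start=2)
    for ch in letters}

def keypad_digits(word):
    """Digits a word spells on a phone keypad, or None if it has non-letters."""
    word = word.lower()
    if not word or any(ch not in KEYPAD for ch in word):
        return None
    return "".join(KEYPAD[ch] for ch in word)

# Numeric codes that are just keypad spellings of denylisted words.
COMMON_PINS = {keypad_digits(w) for w in COMMON} - {None}

def alphabet_size(pw):
    """Size of the character pool a brute-force search would have to cover."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    size = sum(len(p) for p in pools if any(c in p for c in pw))
    return size or 1  # fallback for characters outside the four ASCII pools

def brute_force_bits(pw):
    """log2 of the number of candidates of this length over that pool."""
    return len(pw) * math.log2(alphabet_size(pw))

def assess(pw, min_length=15):
    """Return (guessable, long_enough, bits) for a candidate password."""
    guessable = pw.lower() in COMMON or pw in COMMON_PINS
    return guessable, len(pw) >= min_length, round(brute_force_bits(pw), 1)
```

Under this estimate a 16-letter all-lowercase passphrase has a larger search space than an 8-character password drawing on all four character classes, which is the arithmetic behind the advice to make passwords longer.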

Will passwords ever become obsolete? Security expert Markus Jakobsson has been working on a system he calls “Fastwords”, a combination of three words that you can type in, in any order, for access. If you forget your fastwords, prompting you with one of them helps you remember the other two. – Rhodri Marsden. Belfast Telegraph

Some spook terminology to keep you in the loop:

* Hacking: Accessing a cell phone’s voicemail inbox. This allows someone to eavesdrop on messages or glean other information from the target phone.

* Blagging: An attempt to con information out of unsuspecting information-holders. Typically, the “blagger” is a respectable-sounding actor who claims to have good reason for seeking out information. Sometimes they pretend to be calling from inside an organisation and use passwords obtained by bribing corrupt employees to persuade the unwitting information-holder to give out phone numbers, bank account numbers and the like.

* Pinging: Police and spies can identify the whereabouts of an individual, typically a terrorist or fleeing suspect, by triangulating their signal from cell phone base stations.

* Tracking: Planting a tracker device on a car allows its movements to be recorded and provides corroboration of its whereabouts.

* Bugging: Police and spies have long used bugs to record the indiscretions of their targets. – Melanie Peters, Cape Argus
