Rhodri Marsden: We’ve proved that we can’t be trusted with setting passwords
Rhodri Marsden is the Technology Columnist for The Independent; he has also written about crumpets, Captain Beefheart, rude place names and string. He's also a musician who plays in the band Scritti Politti, and won the under-10 piano category at the 1980 Watford Music Festival by playing a piece called "Silver Trumpets" with verve and aplomb.
Wednesday 25 December 2013
In Enid Blyton’s The Secret Seven series, the young detectives regularly meet in an old shed. Admittance is gained via a password which, mindful of security issues, the seven change on a regular basis.
You’d hardly describe their codes as uncrackable – “adventure”, “beware”, “holidays” – but they probably figured that anyone infiltrating the meeting (and being immediately identifiable as not part of The Secret Seven) was unlikely.
That unlikelihood is something we all continue to depend on; we’re told relentlessly that our passwords are useless, that they’re not long enough, that using the name of a Premiership football team is akin to giving away your identity on a digital plate and that adding the year of your birth on the end isn’t much better.
As we choose passwords, services tell us if they’re strong or weak – but if they’re deemed weak we use them anyway. Why would anyone want to crack our password?
We’re told not to reuse the same passwords, but we do because they’re so terribly hard to remember. Maybe, at a push, we keep a rotation of three or four which we use across 50 or more sites and services, but poor security on one site still leaves us open to attack on others.
If our Twitter is hacked or our Yahoo infiltrated, we merely change the password to one of our other two options.
We spurn services such as LastPass that construct random passwords for each service, unlocked by a single master password, because we’ve grown attached to typing “gunsnroses” or “kitten69”. We won’t help ourselves. And such is the damage wrought by our refusal to wise up that it may be taken out of our hands altogether.
Fido (Fast Identity Online) is a consortium of organisations including Google, Mastercard and now Microsoft that’s constructing a protocol that will rid us of the need to remember multiple passwords. A two-step authentication process will use our mobile phone (or alternative device) to confirm who we are; every online login will require a PIN (or even a fingerprint) to be entered on the device, which then generates the key to let us in.
Two-step authentication is already used by banks and is offered by the likes of PayPal and Google itself to improve security; it works. Unfortunately, it’s not perfect, and in this post-Snowden era, many people have been quick to slam the plan.
It’s an unnecessary faff, they say. What if the device is lost? How can we trust a consortium composed of companies whose motives can’t be verified?
Why include biometrics in this? If my fingerprint data is compromised, where do I get a new fingerprint? How long until we’re all microchipped at birth? All these questions can be rebutted to some extent, but the fact remains that we’ve proven extensively over a 20-year period that we can’t be trusted with our own security. We need to be protected from our own uselessness.
You might say that anyone who can’t remember even the weakest password deserves all they get – but you’d be wrong, as you’ll find out when you reach old age.
Rampant paranoia over the actions of multinationals makes for an enthralling discussion, but it doesn’t help people avoid becoming victims of crime. So Fido, bring it on. Unfortunately, we need you.