Wednesday, August 13, 2014

Passwords, can we live without them?

“Password”, “access code”, “key word”, “watchword”... You can give many names to the string introduced by you to access your devices, networks and Internet services. In many cases, this combination of letters, numbers and even symbols, which should be only known by you, are the only thing that protect your data from the prying eyes of others. It is therefore very important to choose them wisely and renewal them so often.

Unfortunately it is increasing the number of people looking to make profit one way or another out of your personal data and the information stored on individuals or businesses’ systems. All security breaches that have happened in 2014 are the best proof of that. In fact, some people have already called this year "The Year of the Data Breach". According to a Trend Micro's report for the first half of the year, in the first six months of 2014, 400 data breach incidents were reported exposing a more than 10 million personal records.

Using passwords as the only security system to protect our data and documents means not only a significant risk, but also presents many drawbacks. You need to choose strong passwords to withstand brute force attacks; you constantly have to memorize and enter them; additionally cybercriminals are increasingly finding more sophisticated ways to trick us to steal them. For these and other reasons, they are being tested many methods of biometric identification. Some of them have already begun to be used such as fingerprint readers, palm vein readers, facial scanners, behavioral authentication technologies, heart activity monitors or retina scanners.

In this sense, DARPA, the U.S. military's Defense Advanced Research Projects Agency is funding several projects to allow us to dispense with passwords thanks to biometrics and different behavioral patterns, ranging from the micromovements that a user makes while holding a cellphone on his hand to how an individual talks, how his voice is or how he acts in front of the screen.

However, most Web services still have a username-password combination as the main barrier to entry to an account. The task of remembering a strong password for each of these services can become a superhuman challenge. For this reason, J.D. Biersdorfer wonders at The New York Times what mobile applications are the best to save all these passwords avoiding the necessity of memorizing them. Some key features that you should keep in mind when choosing an app for this are backup options for syncing an encrypted copy of your password file to an online server or directly to a computer and even automatic website logins for stored passwords, complex-password generators and security alerts.

Nevertheless if our phone is infected with some type of malware, it is likely that a password can not keep out cyber criminals or even intelligence agencies. For instance, FinSpy spyware could access our phone calls, text messages, address book, and even our microphone or location. According to  surveillance software provider Gamma Group, Android, BlackBerry, Windows Mobile and Symbian mobile operating systems could be attacked by such spyware. Windows Phone and non-jailbroken iPhone devices are free of this threat.

Same happens if we do not have all our software updated to their latest version available. Any program or operating system contains bugs, which once known can be exploited by malicious hackers. Therefore it is always recommended to update as soon as the developer launches a patch. For example, nine security bulletins for several Microsoft products were released yesterday fixing 37 vulnerabilities.

To keep yourself promptly updated about the world of cyber security we will not ask you for any password. You can access our social channels (find the links at the right sidebar) or our blog and get all the news about this interesting field.


Post a Comment