Security is one of those hotly debated subjects you hear about all the time, and when it comes to cyber-security specifically, there’s a lot of room for improvement. There are a couple of things, however, that I feel anyone should be aware of, as they apply to both business and personal tech.
The first rule is always – *don’t have a stupid simple password*.
Every year a list comes out showing the top 25 most used passwords that get cracked, and every time without fail you’re going to see the same ones over and over in the top 5. These include “12346”, “qwe123”, “13579”, “password”…etc.
While no one wants to remember anything complicated, it goes a long way to make something unique to yourself that only you would think of. And no, your pets or family members don’t count. If the hacker knows you personally, that would make guessing relatively easy. Make it something reminiscent and easy to remember, but also something you’d never really talk about to anyone else, therefore eliminating their chances of guessing accurately. Capitalizing, adding a number, and even adding a symbol all reinforce the password’s strength against brute-force-style attacks. They’re usually not mandatory on most websites, but having at least something outside of lower-case letters helps a great deal.
Continuing on the topic of passwords, another common mistake is using the same password for everything. While the risk is lower if you use a strong password, it is still a major risk people take, because if by chance any account you use is hacked successfully – they can also use it as a master key to everything you do. Emails, bank accounts, chat clients, game consoles… everything that shares that email and password combination. If you insist on minimizing damage without having to create a unique password for every single thing, then at least segment your passwords into categories: X password for sensitive data, Y password for games, Z password for social networks, etc. While still not ideal, it can mitigate the damage should it ever occur.
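The mistakes described so far (a most-cracked password, lower-case letters only, and one password acting as a master key) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the account names, categories and passwords in it are constructed samples.

```python
import string
from collections import defaultdict

# The commonly cracked passwords quoted in the post above.
COMMON = {"12346", "qwe123", "13579", "password"}


def weaknesses(password):
    """Return the problems the post warns about for a single password."""
    found = []
    if password.lower() in COMMON:
        found.append("on the most-cracked list")
    if all(c in string.ascii_lowercase for c in password):
        found.append("lower-case letters only")
    return found


def audit(accounts):
    """accounts maps account name -> (category, password).

    Returns (per-account weaknesses, passwords reused across categories).
    """
    weak = {}
    categories = defaultdict(set)   # password -> categories it unlocks
    users = defaultdict(list)       # password -> accounts it unlocks
    for name, (category, password) in accounts.items():
        problems = weaknesses(password)
        if problems:
            weak[name] = problems
        categories[password].add(category)
        users[password].append(name)
    # Reuse inside one category is the post's fallback position; reuse
    # across categories is the "master key" case it warns about.
    master_keys = {p: sorted(users[p])
                   for p, cats in categories.items() if len(cats) > 1}
    return weak, master_keys


# Constructed sample vault; every name and password here is made up.
SAMPLE = {
    "bank": ("sensitive", "Harbor7!lantern"),
    "email": ("sensitive", "Harbor7!lantern"),
    "console": ("games", "password"),
    "forum": ("social", "sunflower"),
    "chat": ("social", "password"),
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, the bank and email accounts share a password inside one category, which the audit tolerates, while "password" is flagged three ways: it is on the list, it is lower-case only, and it unlocks both the games and social categories.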
Moving away from conventional typed passwords, there is an increase in using biometrics as a form of password protection. On paper it makes sense, almost. Biometrics, for those curious, is when you use a unique identifier of your body to have a system confirm your identity. This can be as simple as a fingerprint, or as complex as an iris or facial scan. While your identification is obviously unique to you, the code that a computer would store it as is not. By this, I mean that it would make sense to treat biometrics as more akin to a “Username” than a password. The French government had, not long ago, proposed that people’s biometric data should be stored in a government server for the purpose of unified access. While it sounds greatly convenient, this idea is dangerously flawed.
My reasoning for this is that if someone gets a hold of your biometric data, they can replicate it and simply use it as a password instead of you. If the same data opens everything, then it is in fact even worse than having a master “typed password” to all your accounts, as those can be changed if a breach is detected. You cannot, however, change your biometrics… at least not without intense surgery and transplanting body parts. If it was just treated as a username, then at least a breach could be fixed by updating your passwords.
Some people may think it is a little absurd for it to happen, but it’s a possibility that’s surprisingly easy to accomplish in the hands of capable people. Case in point – a team of scientists in Europe had a live demonstration of photo-based systems that could take high-resolution pictures of a political figure from simple Google-searched images. Using those pictures that were publicly accessible, the system stitched together information about her fingerprints and was able to 3D print a fingerprint that actually worked. The same tech branch can theoretically be used for faces or eye scans as well, provided there are enough pictures to work with – and that’s not a tall order in an age of selfies with increasingly higher-resolution cell cameras.
A (slightly) less horrifying reason why biometrics make terrible passwords is the fact that sometimes unfortunate things happen to human beings. It’s pretty hard to get a good scan of your finger if the entire hand has been severed in an accident, or of your face if an illness has affected it. I personally do not use them ever for this reason. Perhaps I’ll be relatively intact for the rest of my days – but it’s not really a chance I’d like to gamble with.
That’s just a couple of things I wanted to share. If you agree or disagree on anything, just comment below!