Passwords are evolving into a library of short words and mixed phrases. What used to be something as simple as your dog’s name has turned into the complicated mess that it is today. With most accounts requiring at least 8 characters, a capital letter, and a number, choosing a password that’s also easy to remember is a task in itself. Online security is extremely important – but do you care enough to secure it?
In an online survey from 2012, nearly 60% of adults have 5 or more unique passwords, and 30% have more than 10. Password exhaustion has turned into a trend where society is either recycling passwords across multiple accounts, or simply making it as easy as possible while following the requirements. Most adults have passwords to remember for their workplace in addition to their personal life. When you really take the time to think about it – how many do you have? Mixing together all of your emails, social networks, and everything else, it almost becomes an entire catalogue.
For the better part of my online history, I’ve used the same few passwords. I set up a system based on the level of security I needed. Basic accounts and social networking used one, then more advanced accounts such as email and financial services were another. Personal identities and my Apple ID had the highest level. It was an easy way to remember what I had set because of the category it was placed in. I’ll tell you right now that this system is a mistake. Having the same password across different accounts of the same category is a bad decision, because if one gets compromised it’s an easy lead into everything else. Programs can be run to use the password and similar variations across other sites to try and find matches. Within a few hours or days, your identity belongs to someone else.
Organizational password software such as 1Password (available for most devices here) has helped millions of people manage and create stronger passwords. This program embeds itself into a browser, and auto-inputs information from accounts to personal details. This is all extremely secure as it runs in private browsing mode, so no information gets stored anywhere else. I’ve been using 1Password on my iOS devices for over a year now and it has provided secure, convenient access to saved websites such as credit cards, government, and more. Take a look at 1Password for more information and how to get started.
Apple has revolutionized the security field by implementing a bio-metric finger print scanner into their latest flagship iPhone. There are many people who don’t use a passcode on their phone, mostly because of laziness. When you think about it, auto-logins for apps such as banking, social networks, and much more are saved into the phone. It’s become one of the most integrated devices that has access to everything in your life. Yet it’s the least protected. While Touch ID is still in it’s infancy, the basic areas are covered for now. Unlocking the device and making iTunes Store purchases are a great start, and will lead to much more integration in the future.
Now imagine if this kind of technology was fully integrated across an entire Operating System. Apple already has iCloud keychain syncing passwords across devices, but if Touch ID was unified with Mac OS X and Safari it could be a game changer. While there are many flaws at this point in time, it’s incredible to think of a USB enabled device, or something built into the Apple keyboards, that could use Touch ID to sign into Facebook or E-Mail. Safari already has a system in place like the one that 1Password provides to generate passwords. Stored in the iCloud keychain, these passwords could use Touch ID to authenticate the user. Once verified, it would automatically input the saved password.
It’s also a great way to entice users to stay within the Apple ecosystem if all of their devices were able to use Touch ID and sign into services or accounts. This not only creates ease of access, but simplifies the process of having complicated passwords and not needing to remember any of them.
Another strong system in place are authenticators. Google uses one for their online services, and Blizzard also has one for their games. I use the Blizzard autheticator for my Diablo 3 account to prevent unauthourized access. Even with strong passwords, there are still ways to get through. This system is accessed through an app on iOS or Android and provides a code that refreshes every few seconds. When you attempt to sign in to any of their games or even the account management section through the web portal, it asks for the authenticator code in addition to your account information. It’s a strong method to secure accounts and would be invaluable if it were to become fully integrated.
This kind of system could be implemented into an app done through Google or Microsoft, similar to Apple’s iCloud keychain. Websites could be set up to have their accounts link to a universal authenticator that requires the randomized code to log in. I feel this process would be a little harder to integrate as it would require a partnership between many different corporations. Using your mobile device as the link to all of your accounts, opposed to the traditional password structure would be beneficial to everyone. This method would also need to have the old system in place for people who do not have a compatible mobile device.
Online security is becoming harder to protect with exploits such as Heartbleed emerging to the public. Identity theft is easier than ever, and the best part is that it’s preventable. There’s always a mindset that people will revert back to, thinking it would never happen to me. Until it does. While you may not feel that you have information worth stealing, someone else thinks otherwise. A real identity is one of the most treasured assets available.
Take the time to make sure that yours stays with you.
(Originally published April 18, 2014)