On Passwordless Day …

On Passwordless Day …

Passwords are strange things. They are basically a legacy of the past when we used them to log into computers. But, now they protect our bank details and some of our most sensitive data. Their greatest flaw is that users can all too easily give away their password by revealing it to an intruder (such as with a spear-phishing attack). So, when MIRACL — a company we partner with on cryptography research — ask me for a quote on Passwordless Day (on Alan Turing’s birthday: 23 June) — it’s a great chance to outline my viewpoint:

“Passwords are generally a legacy of the days of mainframe computers, and when computer security was so much simpler. Unfortunately, for the past few decades, the Number 1 threat has always been spear phishing, and thus in the harvesting of passwords. In the news, we often hear that we should increase the complexity of our passwords. But, if a user is tricked into giving away their password, there is little that the complexity of a password can do to protect against this.

This often succeeds, too, as many organisations only have a single factor of authentication. We thus need to look at multiple ways of properly identifying and authenticating our users that is not just based on the knowledge of something but on things such as a location, wearable devices (such as your watch), biometrics, and a whole range of other methods. These approaches will see the rise of MFA (multi-factor authentication), and hopefully put in place significant barriers against those who may wish to gain access to our data. So, here’s to a passwordless world. The password has helped us boot up the Internet, and created a digital world built around computers. Now, let’s build a world built around us.”

You can read the rest of the article here:

And if you want to know how systems store your password, try here:

https://asecuritysite.com/openssl/passwds

And here’s some MIRACL magic:

https://asecuritysite.com/miracl/