First aired on The Current (12/08/11)
People are increasingly relying on online services for everything from social networking to managing their finances. So it's easy to see why web security experts are looking for more effective ways for people to protect their private information beyond the simple password. Ask yourself this: how many online accounts do you have and how many passwords do you have? Odds are you've been reusing some.
Markus Jakobsson, a security researcher and author of Crimeware: Understanding New Attacks and Defenses, says a typical password combination of letters and numbers has various weaknesses.
"There are several problems with passwords," Jakobsson said on a recent episode of CBC's The Current. "One is that you can social engineer somebody to giving them out. That's what 'phishers' do. They send you notes saying, 'this is your bank, give me your password.' Another thing is that you can just plainly guess...what the password is."
Web security firms are now developing online protection measures that move away from the traditional password log-in. One method of security that is more effective than password systems is biometrics, for example using a thumbprint or facial scanner to identify a user. Jakobsson said that biometric software is only available for certain devices so far, but it's becoming more and more common.
Another method is something Jakobsson has had a hand in designing himself: the "fastword" login. The concept behind this is that instead of inputting a password of letters and numbers, a user will input successive words. According to Jakobsson, using entire words instead of a password string is twice as effective from a security standpoint. It's also easier to create multiple fastwords for different accounts because people are much more likely to remember groups of words than strings of letters and numbers, especially if the words tell a story.
For example, if you were jogging in the forest one day and came upon a squirrel, then a memorable fastword login could be "joggingforestsquirrel."
"We need to make machines do what humans do well, which is to understand and remember stories," Jakobsson said.
Crimeware: Understanding New Attacks and Defenses
by Markus Jakobsson
"There's a new breed of online predators — serious criminals intent on stealing big bucks and top-secret information — and their weapons of choice are a dangerous array of tools called 'crimeware.' With an ever-growing number of companies, organizations, and individuals turning to the Internet to get things done, there's an urgent need to understand and prevent these online threats.
Crimeware: Understanding New Attacks and Defenses will help security professionals, technical managers, students, and researchers understand and prevent specific crimeware threats."
Read more at Pearson Education