Innovative authentication methods are still far away

May 7, 2015 16:47 GMT  ·  By

Today is World Password Day, a 24-hour time frame dedicated to reminding users all over the world to protect themselves online by replacing their current passwords with stronger ones.

These secret text strings are sometimes the only thing stopping an attacker from accessing someone’s online private assets.

However, despite the importance they have in the current security context, many users continue to employ easy-to-break passwords or, worse, rely on a single one to log into multiple services or accounts.

Passwords are the key to private information

“Our entire virtual identities and even financial assets are safeguarded by passwords. Sadly, few realize that poor passwords or reusing the same password for all accounts makes for a major security risk, as cyber-crooks could easily cash out your life savings or take over your virtual alter ego,” Bitdefender said via email.

Pavel Krcma, CTO at Lamantine Software, says that a password should be “long and strong,” and this can be achieved by using a password manager.

Password managers today can store a practically unlimited number of entries in an encrypted database protected by a single master password. This makes it possible to use a unique password for every account and removes the need to remember any of them, except the one that unlocks the container. That one password therefore deserves the most care: it should be long, and it must not be reused anywhere else.

“Hacks happen. You’re protecting yourself by having a different password on each of your password-protected accounts. That way, if one of your accounts is hacked, your risk will be limited to that account. That’s another benefit of using a password manager,” Krcma said via email.

Password managers are more flexible than ever

Lately, this kind of software solution comes as a browser extension (or the main application at least ships one) that recognizes the sign-in page being visited and can fill in the correct credentials automatically. Because the extension matches a stored entry to the site's domain rather than to how the page looks, it will generally also refuse to fill credentials on a look-alike phishing domain, a useful side benefit.

Some of them also synchronize with mobile versions, so that the same database is available on every device.

Most of these programs also include a password generator that produces, in no time, strong passwords of any length and with as diverse a character set as needed.
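To make concrete what such a generator does, here is an added example (not code from the article or from any of the products it names). It draws every character from the operating system's cryptographic random generator, estimates the resulting strength in bits, and satisfies a "one of each class" site policy by rejection sampling so the result stays uniformly random. The character classes and lengths are assumptions chosen for the example.

```python
import math
import secrets
import string

# Constructed character classes for the example: printable ASCII, no whitespace (94 symbols).
LOWER, UPPER, DIGITS, SYMBOLS = (string.ascii_lowercase, string.ascii_uppercase,
                                 string.digits, string.punctuation)
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Strength of a password drawn uniformly at random: length * log2(alphabet size).
    20 characters from 94 symbols give about 131 bits; a 6-digit PIN gives about 20."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Every character comes from secrets.choice, i.e. the OS cryptographic generator.
    random.choice must not be used here: it is a Mersenne Twister whose internal state
    can be reconstructed once enough of its output has been observed."""
    if length < 1:
        raise ValueError("length must be positive")
    symbols = "".join(sorted(set(alphabet)))  # duplicate symbols would bias the draw
    if len(symbols) < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    return "".join(secrets.choice(symbols) for _ in range(length))


def generate_with_classes(length: int, classes=(LOWER, UPPER, DIGITS, SYMBOLS)) -> str:
    """Satisfy a 'one of each class' policy by rejection sampling: draw a uniformly
    random password and retry until every class appears. Unlike 'pick one per class,
    then shuffle', this keeps the result uniform over all acceptable passwords."""
    if length < len(classes):
        raise ValueError("length too short to contain every class")
    alphabet = "".join(classes)
    while True:
        candidate = generate_password(length, alphabet)
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


if __name__ == "__main__":
    pw = generate_with_classes(20)
    print(pw, f"{entropy_bits(len(pw), len(ALPHABET)):.1f} bits")
```

The entropy figure only holds for passwords produced this way; a human-chosen string of the same length and character mix is far weaker, because guessing tools try likely patterns first.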

Among reliable free alternatives are KeePass, LastPass (with limited features) and Mitro, while the list of paid variants includes 1Password, LastPass ($12 / €10 per year) and Sticky Password (currently 50% off - $34.99 / €32 for a lifetime license, and $9.99 / €8 for 1 year).

Password replacement technology is still in a distant future

Passwords remain essential for securing a private environment, but given the current threat landscape they no longer provide sufficient protection on their own, and new technologies have been built to keep pace with attackers.

At the moment, there are some attempts to replace passwords, such as biometric authentication (face and fingerprint recognition) and the experimental ActivPass system, which trawls users’ personal information to come up with dynamic authentication strings. Innovative, reliable solutions, however, are still far away.

Other approaches have been tried, such as password pills, which contain a chip that emits an 18-bit ECG-like signal, in effect turning the human body into an authentication token.

“There will need to be a balance between user experience and security that is missing in a lot of the alternatives,” Steve Manzuik, Director of Security Research at Duo Security, says via email. He believes that the rapid adoption of smartphones and wearable technology will be significant in this regard.

Duo Security provides two-factor authentication (2FA) solutions to protect consumers and enterprises from credential theft and data breaches. The company has announced this week that it has adapted its technology to work with Apple Watch devices.

2FA is a great complementary security layer

2FA adds another layer to the traditional authentication model: login is granted only if, in addition to the password, the user provides a second code that is delivered to a personal device (e.g. a mobile phone) or generated by a separate physical token in the user’s possession.

The code, also called a one-time password (OTP), is valid only for a short window and changes with every login attempt. In this way, even if the password is stolen, unauthorized access is not possible without also obtaining the OTP from the device. Codes generated on the device or token are preferable to codes sent by SMS, since text messages can be intercepted or redirected to an attacker’s phone.

2FA limits the damage caused by weak or reused passwords, but not every service provider offers it, and it cannot be adopted in every situation. As such, it is still highly recommended to use strong passwords.

After all, an entire industry has emerged around them, both for ensuring their safety and for breaking them.