Our entire online life – and beyond – now depends on passwords. You can’t check your email, update your social networks, upload some photographs, or check your bank balance without being harassed for a password. Some people create elaborate, lengthy passwords with mixed numbers and characters, while some just use ‘password1234’ on every account.
For years security experts have lectured us about the need to move on from this culture of passwords, but the cries have always been ignored – perhaps until now.
Do you remember the recent LinkedIn data breach? And the Last.fm one? And Sony, and Apple, and Fox, and eHarmony?
Websites with large numbers of user details – and their passwords – are being targeted more often by hackers eager either to steal the data on users or just to have the fun of proving that the data can be stolen and then published openly online.
So where do we go from here?
There surely needs to be a new era of passwords that cannot just be hacked and accessed as these pirates are doing, but how can a standard, uniform way of protecting your account access be defined – and quickly?
Using dongles or physical checks on a user would be ideal, but can you imagine needing a retina scan every time you want to post on Twitter? Realistically, we need a heavily protected and regulated central password and identification store that other sites go to and use to verify our identity.
This problem is becoming more and more urgent – what suggestions do you have for ensuring that when you log in to a site, it really is you?
Photo by Expert Infantry licensed under Creative Commons