Wired for Safety: Passwords are dead, long live passphrases

Passwords have been a nightmare for computer users since they started being required. These days, people have multiple accounts. Some may have dozens.

Practically every site that you visit wants you to create an account with a password. Then we, security people, tell you not to use the same password on every site. Yes, we know that is frustrating and you’re not going to do it.

Then there are accounts that come with “things” we buy, specifically WiFi devices that are bought online or at the local electronics store. Other devices have a username and password associated with them: the dining room lights or the coffee maker that can be controlled via your cellphone, or the thermostat that you can turn on before you leave work so your home is nice and warm when you walk in. These “things” (smart coffee makers, refrigerators, thermostats, DVRs) are what we call the Internet of Things (IoTs) because those “things” that were traditionally manually controlled can now be controlled via the internet (or via a network). More than that, these IoTs are almost always powered on.

It is very easy to find a list of default passwords for IoTs. Perform a search for “Default list of passwords for IOT devices” in your favorite search engine and you’ll find them. Here’s a site that organizes default passwords for you. Do you see your home router or small business version in that password list? If so, be sure you change it. How? Go to the device manufacturer’s website and get the user guide. Companies that develop IoTs have the capability to require a password change before the device ever accesses the internet, but many don’t do it. Convenience and ease of use sell. The common tagline is “Plug it in and forget about it” or “Plug ‘n Play.” There are even security vendors that have IoTs that claim you just plug it in and it starts protecting your IoTs.

Creating passwords

Well, there’s hope: the password scheme we have known is over. Is it possible to create more memorable and secure passwords than “Y?#$aw)9hal”?

While that password is strong, remembering it is more complex. Imagine a password like that for 20 or 100 accounts.
