No More Passwords?

Everyone is sick of remembering passwords. Even with a password manager it’s still a hassle. And when you do follow the rules and change your passwords every few months and use a generator to deliver complex strings of numbers and letters, you could still be hacked. Passwords are the Achilles heel of online security and the weak point cyber criminals just love to target. Now, however, we could be on the verge of waving goodbye to passwords forever as a new form of IT security comes to the foreground: two-step authentication.

Apple has been using ‘Trusted Device’ since iOS9, a comprehensive two-factor authentication system whereby you will be asked via one of your other devices to verify new logins. This works very well for those loyal Apple users who do indeed have something that resembles an orchard clustered on their desks. Google also offers its users the chance to verify account sign-ins by tapping a prompt sent to your phone. You can also set these devices as ‘trusted’ and negate the need to repeatedly accept the prompts. Now, just a little behind, Microsoft have joined in with this new form of IT security.

Microsoft Authentication is an app now available for Android and Apple. Windows Phone users will have to wait as Microsoft aren’t willing to sink money into a development for only 5% of the world’s population of smartphone owners. However, if the app is successful on Android and iOS devices, a Windows app will be developed. Microsoft Authentication allows users to verify logins via their phone in a two-factor authentication style, one of the best types of online security. The app notifies the phone holder of a login attempt and you simply need to enter an eight-digit numerical code which is presented on the app. Each code is only valid for 30 seconds, increasing the IT security offered by this app. It operates in much the same way as Apple’s Trusted Device, to be honest, and is a step forward from the initial Microsoft Authentication released in summer 2016 which only allowed for wearers of the Apple Watch or the Samsung Gear to use their fingerprints to unlock their online accounts. The limits have now been lifted!
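The article does not say which algorithm Microsoft’s app uses. As an added illustration (not code from the article or from Microsoft), the example below assumes the standard time-based one-time password scheme of RFC 6238, configured with the eight digits and 30-second validity described above, and shows the server-side check, including rejection of a replayed code. The function names and the sample secret are assumptions made for the example.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # validity period stated in the article
DIGITS = 8         # code length stated in the article


def totp(secret: bytes, at: float, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the number of whole steps since the Unix epoch."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, at: float,
           last_used_step: int = -1, drift_steps: int = 1):
    """Server-side check. Returns the matched step number, or None on failure.

    Accepts the current step plus or minus drift_steps to tolerate clock skew,
    and skips any step at or before last_used_step so a code cannot be replayed.
    """
    current = int(at) // STEP_SECONDS
    for step_no in range(current - drift_steps, current + drift_steps + 1):
        if step_no <= last_used_step:
            continue
        expected = totp(secret, step_no * STEP_SECONDS)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step_no
    return None


# Constructed sample: the shared secret used by the RFC 6238 test vectors.
SAMPLE_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    step = verify(SAMPLE_SECRET, code, now)
    print("code:", code, "accepted in step", step)
    print("replay accepted:", verify(SAMPLE_SECRET, code, now, last_used_step=step) is not None)
    print("accepted 90 s later:", verify(SAMPLE_SECRET, code, now + 90) is not None)
```

The server has to store the last accepted step per account; without it, the same code stays usable for the rest of its validity window.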

Of course, there’s one problem with all of these two-step authentication processes. If you lose your smartphone/laptop/device or it falls into the hands of a cyber criminal (because they are tangible beings, don’t forget), then your accounts can all be accessed because the cyber criminal can approve the login themselves. If we continue using two-step authentication through mobile devices, then our individual awareness of who has access to our devices must come to the forefront of online security. And don’t let your basic security slack: always use a passcode or have fingerprint recognition enabled.

It is undeniable that online security is becoming a bigger issue and one which these technology giants are developing new techniques for. As more and more data is stored in cloud systems and every aspect of our lives becomes digitised, IT security needs to step up its game because cyber criminals are stepping up theirs as the potential rewards get greater. Two-step authentication is a move in the right direction and, surely, more will follow.


How to create the perfect password

Everyone needs to be careful when it comes to online security today and creating new passwords can become almost a daily occurrence. But with so many different stipulations and requirements for each site or account which asks for passwords it can be incredibly difficult to remember them all. Although there are now many different ‘password managers’ available, there is also a free and equally easy way to create unique but entirely memorable passwords for every single account using one base password. And here’s how to do so in two simple steps:

  1. Firstly, pick a base password which is easy to remember but not easy to guess. Online security tips all tell us to avoid using your name, a pet’s name, your birthday, etc., as these can be easily guessed by hackers. One suggestion is to select a regular word (preferably at least eight letters long) and swap out some of the letters for numbers or symbols. For example: Password can become Pa$$w0rd. This way a ‘dictionary attack’ won’t identify the characters as forming a real word. You’re also assured to comply with any account’s requirements when it comes to upper and lower case letters, symbols, and numbers.
  2. Now comes the clever bit: when you create a new account, you are going to incorporate the name of the website/server into your passwords. To create this unique password, you take the first four letters of your base password, add in the first four letters of the website, and then finish off your base password. For example, say you’re setting up a Facebook account. Your password would become: Pa$$facew0rd. Or maybe you need a new Gmail: Pa$$gmaiw0rd. Both of these combinations scored 99% on the Password Meter’s online strength test (http://www.passwordmeter.com) and it would take a computer 34 thousand years to crack each one (https://howsecureismypassword.net).

Using this very simple technique, every single one of your passwords will be different, completely nonsensical to someone trying to hack your system, and, perhaps most importantly, easy to remember. They’ll also tick all the boxes when it comes to including upper and lower case letters, numbers, and symbols. From Pa$$twitw0rd to Pa$$amazw0rd, your Twitter and Amazon accounts will be secure and you’ll never have to worry about forgetting passwords or online security ever again!
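The two steps above, written out as an added example (not code from the article): it derives the per-site password from a base password, checks which character classes the result contains, and reports which character positions actually differ between two derived passwords. The function names, the URL handling and the constructed sample URLs are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

SPLIT_AT = 4  # the article splits the base password after its first four characters
SITE_LEN = 4  # and inserts the first four letters of the site name at that point


def site_fragment(site: str) -> str:
    """First four letters of a site name; accepts 'Facebook' or a full URL."""
    host = (urlparse(site).hostname or "") if "://" in site else site
    host = re.sub(r"^www\.", "", host.strip().lower())
    # Assumption: only the first DNS label names the site (amazon.co.uk -> amazon).
    letters = re.sub(r"[^a-z]", "", host.split(".")[0])
    if len(letters) < SITE_LEN:
        raise ValueError(f"{site!r} has fewer than {SITE_LEN} letters to insert")
    return letters[:SITE_LEN]


def derive_password(base: str, site: str) -> str:
    """Base password with the site fragment spliced in after SPLIT_AT characters."""
    if len(base) <= SPLIT_AT:
        raise ValueError("base password too short to split")
    return base[:SPLIT_AT] + site_fragment(site) + base[SPLIT_AT:]


def character_classes(password: str) -> dict:
    """Which of the usual composition rules the password satisfies."""
    return {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }


def differing_positions(pw_a: str, pw_b: str) -> list:
    """Indexes at which two equal-length derived passwords differ."""
    if len(pw_a) != len(pw_b):
        raise ValueError("passwords must have equal length")
    return [i for i, (a, b) in enumerate(zip(pw_a, pw_b)) if a != b]


if __name__ == "__main__":
    base = "Pa$$w0rd"  # the article's example base password
    # Constructed sample inputs: two site names and two URLs.
    sites = ["Facebook", "Gmail", "https://twitter.com/", "https://www.amazon.co.uk/login"]
    derived = [derive_password(base, s) for s in sites]
    print(derived, character_classes(derived[0]))
    print("site-specific positions:", differing_positions(derived[0], derived[1]))
```

For any two sites, only positions 4 to 7 can differ; the other eight characters are the base password and are shared by every account.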

It takes time to go through all your existing accounts and change your passwords to follow this technique but, believe me, it’s worth it. Think of all the time you’ll save in the future thanks to the fact that you’ll never lock yourself out of an account again!
