Personal Password Managers a Smart Consumer Choice

Louis Arias, Staff Writer

Passwords. Nobody’s favorite. IT Service Desks hated resetting them all day long, so they automated the process. No one really likes having to remember passwords. Yes, passwords are nobody’s favorite…except hackers.

If you lived in a dangerous neighborhood, would you use a simple bedroom door lock to keep your house safe? That is exactly what most Americans do when protecting the personal information on their computers. What makes this choice more grievous is that it also exposes their contacts. The truth is that people with the right skills or knowledge to handle passwords safely are in the minority.

“Personal” password managers are programs that generate, retrieve, and keep track of super-long, randomly generated passwords across all user accounts. They also protect PINs, credit-card numbers and their CVV codes, and answers to security questions. These programs encrypt this information, making it almost impossible to crack.

According to a 2016 study by the Pew Research Center, most Americans keep track of their online passwords by either memorizing them or writing them down. So, why don’t more people use password managers?

Patrick Vilkinofsky, Associate Professor of DSC’s School of Engineering Technology, specializes in Internet Security. He believes that their unpopularity is a combination of unawareness, the fact that a learning curve is required to use them correctly and, for one reason or another, the fact that some people just don’t trust them.

Regarding the issue of password managers, Paul J. Wheeler, DSC’s Chief Information Officer, said, “People tend to focus solely on passwords but really should focus on the bigger concept of ‘authentication’—proving you are authentically the person you say you are.”

Authentication techniques include: something you know (e.g. passwords); something you have (e.g. mobile device); something you are (e.g. biometric); somewhere you are (e.g. GPS location); and/or something you do (e.g. personal gestures or touches on a touch screen).

Are password managers the silver bullet? Perfect internet security is a delusion.

If hackers get access to users’ master passwords, they gain access to all the users’ accounts. Likewise, if a hacker breaches a password manager’s central vault, millions of passwords become exposed.

Nevertheless, for the most part, this software relies on multifactor authentication. Therefore, access to user credential vaults is granted only with a combination of correct passwords and correct authentication codes that exist only on users’ devices. Password managers are imperfect but are immensely preferable to most of the population’s current password practices.

Another commonly raised question is where passwords are stored. By default, some password managers like LastPass, 1Password and Dashlane store user passwords in the cloud. This allows users to easily sync their data across devices. A second benefit is that if their computers crash, their vaults remain intact. Some providers allow users to keep their passwords on their computers, storage drives or company servers. Dashlane allows the “Sync” feature to be disabled in Preferences, 1Password gives users control of where their passwords are stored for a fee, while on KeePass password storage is purely on user devices.

A password manager is a valuable cyber-security tool that is grossly ignored. Unfortunately, society, even a virtual society, cannot survive without security. Because this concern cannot be ignored, the same people who reject this tool are already being forced down the road of biometrics…another tool that is not foolproof.

Undoubtedly, tapping a phone or looking at a screen is preferable to entering an insecure password. But are we on our way to making our irises, heartbeats, voices or DNA a requirement to access the cyber-world? Will government services be next? What else?

For now, passwords are still the preferred keys to the cyber-kingdom. It is one thing to allow software to assist us in remembering something we should know, like our passwords. It is quite another for technology to require our essence—who we are—and what we have—our devices—to allow access to that inanimate kingdom. That is still imperfect two-way authentication, but now with conscious human choice removed.

Wheeler believes that personal password managers are generally a good idea. Nevertheless, as he described the cat-and-mouse game of hackers and cyber-security professionals that plays out 24-7, he ended with some powerful advice:

“In the cases I’ve seen, the hack took advantage of a user’s gullibility, once again demonstrating that as users, we can never let our guard down but instead must always remain conscious and careful of what we are doing ‘in cyberspace.’”