POSTED: 01:30 a.m. HST, Jul 07, 2014
Good thing she doesn't need a password to get into heaven. That's what Donna Spinner often mutters when she tries to remember the growing list of letter-number-and-symbol codes she's had to create to access her various online accounts.
"At my age it just gets too confusing," says the 72-year-old grandmother who lives outside Decatur, Ill.
But this is far from just a senior moment. Frustration over passwords is common across all age brackets.
"We are in the midst of an era I call the ‘tyranny of the password,'" says Thomas Way, a computer science professor at Villanova University. "We're due for a revolution."
One could argue that the revolution is already well underway, with passwords destined to go the way of the floppy disc.
Already, multiple services can generate and store your passwords so you don't have to remember them. Beyond that, biometric technology is emerging, using thumbprints and face recognition to help us get into our accounts and devices. Some new iPhones use the technology, for instance, as do a few retailers, whose employees log into work computers with a touch of the hand.
Still, many people cling to the password, the devil we know — even though the passwords we end up creating, the ones we CAN remember, often aren't very secure at all. Look at any list of the most common passwords making the rounds on the Internet and you'll find anything from "abc123," "letmein" and "iloveyou" to — you guessed it — the word "password."
Bill Lidinsky, director of security and forensics at the School of Applied Technology at the Illinois Institute of Technology, has seen it all — and often demonstrates in his college classes just how easy it is to use readily available software to figure out many passwords.
"I crack my students' passwords all the time," Lidinsky says, "sometimes in seconds."
Even so, a good password doesn't have to be maddeningly complicated, says Keith Palmgren, a cybersecurity expert in Texas.
"Whoever coined the phrase ‘complex password' did us a disservice," says Palmgren. The focus should be on unpredictability and length — the more characters, the better," he says.
If a site allows long passwords and special characters, Palmgren suggests using an entire sentence as a password, including spaces and punctuation: "This sentence is an example."
He also suggests plugging in various types of passwords on a website developed by California-based Gibson Research Corp. to see how long it could take to crack each type of password: www.grc.com/haystack.
According to the site, it could take centuries to uncover some passwords, seconds for others.
Some people have taken to using password generators, which create and store passwords for you. Generally, all the user has to remember is a master password to unlock a generator program, and then it plugs in the passwords to whichever account is being used. Managers like this include LastPass, Dashlane and 1Password.
Ultimately, experts say, reducing the stress of online security — and decreasing reliance on passwords — will rest on what's known as "multifactor identification."
Those factors are often based on three things:
» "What you know" — a password, security question or some sort of information that only you would know (but that doesn't have to be difficult to remember, just exclusive to you).
» "What you have" — a phone, tablet or laptop — or even a card or token — that an online site or retail outlet would recognize as yours.
» "What you are" — biometric information, such as face recognition or a thumb print.
Banks could use this authentication process using cameras that already exist at ATMs, says Paul Donfried, chief technology officer for LaserLock Technologies Inc., a Washington, D.C.-based company that develops fraud prevention technology.
"We now have the ability to shift complexity away from the human being," Donfried says. And that, he adds, should make the pain of the password disappear.
By Martha Irvine, Associated Press