A review published today in the Wall Street Journal's online edition, "Despite Data Thefts, the Password Endures," says that although password technology has various drawbacks and has caused many data leakage incidents, it still enjoys the general public's favor because of its low cost and simplicity of use. What's more, for users who have become accustomed to passwords, it is not easy to switch to new technology.
The following is the full text of the article:
Password nightmare
When Fernando Corbató created the first computer password at MIT in the early 1960s, he had no idea that he was opening a Pandora's box.
"It's like a nightmare. I don't think anyone can remember all the passwords," said the 87-year-old retired researcher.
The password is not only a curse for computer and smartphone users; it also brings security risks to major enterprises. On Wednesday, eBay called on its 145 million users to change their passwords because of a data breach at the company. But judging from past experience, not many people are likely to heed this warning.
Last month, experts disclosed the Heartbleed network encryption vulnerability, which has become one of the most serious vulnerabilities in the history of the Internet. The vulnerability could expose billions of passwords to hackers, but a survey by the Pew Research Center found that only 39% of adult internet users canceled accounts or changed passwords after the flaw was exposed.
"The password is terrible and should be shot," said Jeremy Grant, who led the U.S. National Strategy for Trusted Identities in Cyberspace, a project founded in 2011 by President Obama to strengthen network security.
Wide penetration
Despite all its shortcomings, the password has already penetrated into all aspects of people's lives. It is inexpensive, widely used, and easy to use, and the alternatives to it have so far not made much headway.
"This is the only technology that has been in use since 50," said Brett McDowell, senior network security advisor for eBay's PayPal business.
The hopes of replacing passwords with fingerprint recognizers, iris scanners and USB keys have led executives, scientists and government officials to question the prospects for such a plan. McDowell and managers at Bank of America, Google and other companies are working to promote a password substitution project called the FIDO Alliance.
The project recently released a set of early standards that could be used in other forms of online identity authentication. PayPal is using the standard, and Google's internal testing has also achieved good results.
Apple's latest generation of iPhone has a fingerprint unlocking function, but some users believe that typing the password is as convenient as putting the thumb on the card reader to unlock the phone.
No one knows how many passwords there are in the world, partly because they have spread too quickly to be tracked. The big increase in the use of smartphones, tablets and other mobile devices has made matters worse. Social networks and e-commerce sites often require users to log in with passwords in order to provide personalized content and advertising.
Data leaks
Despite data leaks and security warnings, people insist on using passwords that are easy to remember and often use the same password for different accounts.
"The most commonly used passwords in the world are like the most commonly used baby names in the world," said SplashData CEO Morgan Slain. The company publishes a "Worst Passwords" list every year, and the list barely changes from year to year; it includes "123456", "password" and "qwerty".
Jeff Mairs, 49, came up with his own approach. The former heart surgeon, who is currently involved in a drug trial at Gilead Sciences, said he would add a number to his existing password every month.
"Anyone who has a bit of hacking skills can crack it right away," he said.
Alternative scenarios
Companies such as Google and Twitter are using a two-step authentication model to deal with hacker attacks. After entering the password, the user must also enter an authentication code received in a message on the phone in order to access the account.
This model is more secure than a simple password, but it can still cause problems if the phone is lost, and it slows down access to accounts.
"All of this will create additional resistance," said Uri Rivner, a former senior executive at RSA, EMC's data security division. He recently started a company called BioCatch to help major websites authenticate users' identities based on the way they use a smartphone or drag the mouse across the screen. He added that some major US banks had already started using the technology, but he declined to disclose the identity of the banks.
Even the smartest password is only as secure as the company responsible for storing it. Hackers can use the Heartbleed vulnerability to steal protected data on an enterprise server.
Target said hackers stole 40 million card numbers last year by breaking into its credit- and debit-card systems using passwords stolen from refrigeration contractors.
It is not clear how many people could be victims of the two attacks. Since the event, Target has taken many steps to isolate valuable data from other parts of its network. Dozens of websites have called on users to change their passwords since the Heartbleed vulnerability was exposed this April.
Resistance still lingers
PayPal allows users to shop using the sensors on the latest Samsung Galaxy S5 smartphones. Tim Cook, Apple's CEO, also said the company's executives had considered mobile payments when adding fingerprint-recognition chips to the latest generation of iPhones.
Apple's system is currently compatible with iTunes and other of the company's own products. PayPal users can use the same fingerprint on any site that deploys the FIDO standards. Of course, when fingerprint recognition on the Galaxy S and iPhone 5s fails, the user still needs to enter the password.
Stuart Geiger, a PhD student at the University of California, Berkeley, who studies the way people interact with technology, says that abandoning passwords entirely would require the full cooperation of Silicon Valley's big businesses, which are involved in almost every area from shopping to video chatting.
"Even if there is a technology that can completely replace the password, will billions of American netizens, already accustomed to passwords, really want to change the way they use their devices to improve security? Inertia is an important issue," he said.
Today's chaos is already beyond anything imagined by MIT Professor Emeritus Corbató, who developed passwords with his colleagues only to control file access on shared computers.
"We didn't foresee the advent of the Internet," he said. To remember his various passwords, Corbató would write them all on paper. Now, he stores them all in an online file.