With more than a billion passwords hacked this summer and data breaches occurring on a daily basis, can we ever truly keep our passwords secure and our data safe? A Georgia State University computer scientist says the problem is complex, and creating more secure passwords is difficult as we find ourselves trying to remember passwords for all of our online accounts.
"It's hard to believe one can keep the passwords 100 percent safe and secure," says Xiaojun Cao, associate professor and acting director of graduate studies for the Department of Computer Science at Georgia State. "The secureness depends on multiple aspects such as the quality of passwords, how to use passwords, and where and how to store passwords."
With many users holding numerous Internet accounts, from bank websites and credit card portals to email accounts and shopping sites, some often reuse the same passwords across accounts.
"How many usernames/passwords do you have out there on the Internet?" Cao asks. "A safe guess will be more than 10. I recently found that the number of my Internet accounts/passwords is more than 40. Creating unique, strong passwords for even only 20 accounts — and remembering those passwords — is extremely challenging, if not impossible."
Duplication yields risk, in addition to passwords that are easily cracked, he says.
"How often do you settle with easy passwords, use the same username and password, or create passwords in a similar pattern?" Cao asks. "Patterns and predictable words are prone to dictionary-based password attack.
"What could be even worse is password reuse," he says.
Instead of putting passwords on sticky notes or writing them down on notepads, Cao says that password management tools like KeePass and LastPass are much better.
While a lot of the responsibility to keep accounts secure falls on users, a greater onus is on the corporations and entities running websites.
"We use passwords to communicate for information retrieval all the time, such as checking bank balances," Cao says. "Then the questions we may ask include how secure is the data communication and how secure are the servers — this is kind of out of the users' hands.
"We may just have to blame the corporations and other website owners for the poor security," he says.