Passwords are Hard
On a Sunday night in June 2016, Mark Zuckerberg’s Twitter and Pinterest accounts were taken over by a hacking group called the OurMine Team. While the damage was largely limited to embarrassment, the cause was surprisingly simple: the CEO of one of the largest technology companies in the world had used the same insecure password, ‘dadada’, for his LinkedIn account.
So why do we use them?
The moment we add security to our data, we need a way of making sure only the people we want to have access can get in. We can use three things to confirm you are who you say you are:
- Something you know, for example your bank PIN; or
- Something you have, for example the key to your house; or
- Something you are, for example your fingerprint.
While a physical key is an easy way to secure the front door to your house, using something you physically have in a digital setting is tough, often requiring the use of special equipment and encryption. Police have used fingerprints to identify people for years; sadly, the technology necessary to do the same via a computer still isn’t available to most of us. This leaves us largely relying on something you know to verify who is accessing our systems. Unfortunately, while it’s easy enough to type a password into a form, it can be hard to come up with one that can be remembered but isn’t known or guessable by someone else.