Your bicycle, your car and your house have one thing in
common: they have a lock. And all those locks come with keys. Locks have a long
history – they are said to have been around for over six thousand years. Over
the centuries, all those locks served the same purpose: to let in those who are
allowed in, and to keep everyone else out.
There have always been people who still wanted to go
somewhere they weren't allowed in. Most shrug and think “too bad,” but some are
really trying to get in. We call those people burglars. They have a whole range
of options for breaking down the barrier that has been raised, such as lock
picking tools (which can be used to fumble
with cylinder locks), the Polish key (used by bicycle thieves) and the
time-honoured crowbar. It should be noted that the latter is not used to open
the lock, but to work around it.
And then the computer was invented. Soon – in 1961 – it
was thought that it also needed a lock. I myself have used PCs that had a
physical lock, but the password is still the most common mechanism. The
password itself was not new; the ancient Romans used it already, and I remember
from old wild west movies that anyone who wanted to enter the fortress had to
say the password at the gate.
In the good old days we had one password. You could
easily remember that, if only because there were no requirements yet that it
had to meet. In modern times, we all have dozens of accounts, at work and in
our private life, and their passwords have to meet some of the most horrific
requirements, which are different everywhere. For example, last night I found
out that my bank does require a special character, but that it should not be a
circumflex accent (^). And while I can think of a reason for that, I
immediately wonder why using this character is fine elsewhere.
I've written it before: passwords have had their day. Not
only because we are tired of them, but mainly because they lose their security
value. I'd venture to say that anyone who doesn't use a password manager either
writes down their passwords somewhere or uses weak passwords (which includes
using the same password in several places). Writing them down doesn't have to
be so bad, if you approach it a bit smartly. A notebook with the title “All My
Passwords,” as shown on TV nine years ago by
Ellen DeGeneres, is not a good idea.
Biometrics is a nice alternative for some applications.
You can unlock your phone smoothly with your fingerprint or with facial
recognition. Even firearms are equipped with it (although such a smart gun has never been sold, Wikipedia says).
There are also more robust – and therefore more expensive – biometric systems
that scan your iris, for example, or your palm. The latter technology scans, in
addition to the shape of your hand, the pattern of the veins in the hand.
Biometrics can literally go deep.
An alternative for logging in to websites is the FIDO
standard (Fast Identity Online). When using FIDO, you register once at a
website. You can then log in using your mobile device or your computer,
possibly using a FIDO USB key, which you only need to touch to log in. But
despite roaring texts on the FIDO Alliance website (“FIDO is widespread and
growing fast!”), I've never seen it on a website. Major players such as Google,
Facebook and Dropbox are connected, but apparently not for Dutch users.
Change is difficult, as it turns out. But one day there
will be people who will no longer know what a password is, just as there are
already millions of people walking around who have not experienced the time
without computers and smartphones, or people who do not know what a floppy disk
is. Until then: use a password manager. And wherever possible, activate
two/multi-factor authentication (2FA/MFA, also known as two-step verification).
And in the big bad world…
This section contains a
selection of news articles I came across in the past week. Because the original
version of this blog post is aimed at readers in the Netherlands, it contains
some links to articles in Dutch. Where no language is indicated, the article is
in English.
- Many people find unique passwords too much of a hassle. [DUTCH]
- Many people, who are not concerned about their online security, also think that they have their affairs in order. [DUTCH]
- This website helps you to create an overview of all your smart devices, and then gives you tips on how to update them. [DUTCH]
- There is also criticism of the criticism of the Dutch government's new cloud policy. [DUTCH]
- We should report cybercrime more often. [DUTCH]
- The German government thinks iPhones and iPads are quite safe. [DUTCH]
- Many small companies do not do security awareness. [DUTCH]
- TikTok follows you even if you don't use it at all.