Online protection means more than a strong password
September 13, 2013

The weakest points on almost any safe are almost always the lock and door. People need to be able to get in and out of it. In nearly any enclosing, the entry point is most vulnerable to outside incursions, regardless of how well-protected it is. Locks keep out casual interlopers, but someone dedicated to their profession can bypass them with enough persistence.

And sometimes, experts don't have to put too much effort into breaking in. Even the most complex lock will fail if a would-be thief can get his or her hands on it.

If you live somewhere with a security guard at the door or a nice, brightly lit neighborhood where someone can see a potential break-in attempt, you're slightly protected against someone slipping into your home. But an isolated, out-of-the-way locale isn't quite so safe. Which is how you should think of the Internet or other digitally accessible resources: a hidden nook that anyone with the right tools can access. As locks are to doors, passwords are to your data, and neither are particularly good at keeping people out.

An online identity, wiped away
Just ask Mat Honan, a writer at Wired, about how secure passwords can be. His entire online identity was practically erased after his password was stolen. His Apple, Twitter and Gmail passwords were all hacked, despite their seven, 10 and 19 character lengths. The hackers wanted his Twitter handle, @mat, simply because it contained three letters total. To prevent him from immediately regaining it, the group broke into his other accounts, took them over and deleted all of his personal content. 

Because of that, Honan dedicated himself to learning more about hacking and just how vulnerable passwords are. He found that even the supposedly most secure password is vulnerable to attack when it's not backed up by more robust identity authentication. Consumers could make their passwords a little more secure by increasing the number of regular and special characters, but that makes it harder to use. As Honan pointed out, complex passwords can help, but it would also make it impossible for them to remember and inconvenient to use. Most importantly, it would only provide marginal increases in security. 

What can be done to protect 
Honan did have a few suggestions about how people can improve password security. They can use only one password per login or longer passwords, as well as include false answers to security questions – so when users are asked about their first car, they could say it's a "Camper Van Beethoven Freaking Rules." But even these measures aren't a guarantee against intrusion.

While Honan's advice could reduce the vulnerability of consumer data if everyone followed it, that would require everyone to perform the same act – which is unlikely no matter the circumstances. Like with a lock, the best way to keep people from breaking into it is to make it inaccessible. Rather than relying solely on passwords, businesses can add device credential tools to their security measures. Honan suggested that two factor authentication that  uses a mobile device as a second factor can improve an account's protection. 

According to Honan, "the age of the password has come to an end." This idea was reiterated by Heather Adkins, a security executive at Google, CNET reported. "Passwords are dead," she said at a TechCrunch Disrupt panel, adding that organizations providing only standard password options must have a team in place to handle customer data being compromised. 

However, consumers are unlikely to feel secure with a company that only deals with password breaches after the fact. Implementing strong authentication tools can help protect user privacy while maintaining a solid reputation among customers.