The quickest way to improve online security is to upgrade your mental software

A security patch for your brain

Online security


Text provided by LitRes LLC.


TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one even to do humdrum things like turning on your computer, downloading an album or buying a book online. No wonder many people use a single, simple password for everything.

Analysis of password databases, often stolen from websites (something that happens with disturbing frequency), shows that the most common choices include “password”, “123456” and “abc123”. But using these, or any word that appears in a dictionary, is insecure. Even changing some letters to numbers (“e” to “3”, “i” to “1” and so forth) does little to reduce the vulnerability of such passwords to an automated “dictionary attack”, because these substitutions are so common. The fundamental problem is that secure passwords tend to be hard to remember, and memorable passwords tend to be insecure.

Weak passwords open the door to fraud, identity theft and breaches of privacy. An analysis by Verizon, an American telecoms firm, found that the biggest reason for successful security breaches was easily guessable passwords. Some viruses spread by trying common passwords. Attacks need only work enough of the time—say, in 1% of cases—to be worthwhile. And it turns out that a relatively short list of passwords provides access to 1% of accounts on many sites and systems.

Fingerprint scanners and devices that generate time-specific codes offer greater security, but they require hardware. Passwords, which need only software, are cheaper. In terms of security delivered per dollar spent, they are hard to beat, so they are not going away. But they need to be made more secure.

The solution, say security researchers, is to upgrade the software in people’s heads, by teaching them to choose more secure passwords. One approach is to use passphrases containing unrelated words, such as “correct horse battery staple”, linked by a mental image. Passphrases are, on average, several orders of magnitude harder to crack than passwords. But a new study by researchers at the University of Cambridge finds that people tend to choose phrases made up not of unrelated words but of words that already occur together, such as “dead poets society”. Such phrases are vulnerable to a dictionary attack based on common phrases taken from the internet. And many systems limit the length of passwords, making a long phrase impractical.
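The two weaknesses described above, common letter-to-number substitutions and passphrases made of words that already occur together, can be seen from the defending side as a screening check run when a user chooses a password. This is an added example, not part of the original article; the word lists and the function names `normalize` and `screen` are constructed for illustration.

```python
import re

# Constructed sample lists. A real deployment would load large lists of
# breached passwords, dictionary words and common phrases instead.
COMMON_PASSWORDS = {"password", "123456", "abc123"}
DICTIONARY_WORDS = {"secret", "dragon", "monkey"}
COMMON_PHRASES = {"dead poets society"}

# Common letter-for-character substitutions, undone before the lookup.
SUBSTITUTIONS = str.maketrans({
    "3": "e", "1": "i", "0": "o", "4": "a",
    "5": "s", "7": "t", "@": "a", "$": "s",
})


def normalize(candidate):
    """Lower-case, undo common substitutions, collapse separators to spaces."""
    text = candidate.lower().translate(SUBSTITUTIONS)
    return re.sub(r"[\s_.\-]+", " ", text).strip()


def screen(candidate):
    """Return the reason a candidate is rejected, or None if it passes."""
    # Check the raw form first: undoing substitutions would mangle "123456".
    if candidate.lower() in COMMON_PASSWORDS:
        return "common password"

    norm = normalize(candidate)
    if norm in COMMON_PASSWORDS or norm in DICTIONARY_WORDS:
        return "dictionary word with common substitutions"

    # Compare phrases with spaces removed so "deadpoetssociety" is caught too.
    squashed = norm.replace(" ", "")
    if any(squashed == phrase.replace(" ", "") for phrase in COMMON_PHRASES):
        return "common phrase"

    return None


if __name__ == "__main__":
    # Constructed candidates; the last one passes against these small lists only.
    for pw in ["abc123", "p4ssw0rd", "s3cr3t", "Dead-Poets-Society",
               "d34d p03ts s0c13ty", "correct horse battery staple"]:
        print(f"{pw!r}: {screen(pw) or 'not on any list'}")
```

Because the substitutions are undone before the lookup, a disguised dictionary word costs the check no extra entries in its lists, which is why such substitutions add so little protection.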