http://www.telegraph.co.uk/opinion/main.jhtml?xml=/opinion/2007/07/30/do3004.xml

By Jason Nisse
30/07/2007

I recently signed up for an online service from a leading firm of financial advisers. It allows me to check on my pension, transfer funds in and out, view my investments, deal in shares, check the football scores, make tea and probably reach Nirvana.

Or it might do if I could access it. For security reasons, you need three different passwords and I have as much chance of remembering all three as Ming Campbell has of becoming prime minister.

I could write them down on a piece of paper, but I've been cowed into submission by the online nannies who say that this is not something you should do, for fear of it falling into the wrong hands. Yet I bet that this security breach is committed every day.

And why? Because the plethora of electronic devices and services we need for everyday life mean we have too many passwords and pin numbers to remember.

On an average day I need to remember umpteen different chunks of otherwise useless information. I turn on my mobile phone - it needs a password. I get to work and my computer needs a password. At a former job, my computer needed two passwords, one of which had to be changed every month and could not have any characters in common with the previous month's password.

Like many people in Britain, I have two bank accounts. One needs a five-digit number and a password; the other a six-digit number and a memorable place name. I have an online savings account that needs a different password from the password for my bank account. I could also check my credit card account, but that needs a different password entirely. The same is true for my mortgage account and my mobile phone bill.

Some of these passwords have numbers in them, some don't. Some have to have capital letters, some don't work if you use capital letters.

Even if you never use a computer, you can be hit by the password overload. Look in your wallet. You probably have four or five credit and debit cards. In these days of chip and pin, these are virtually useless if you do not have the magic four-digit numbers.

The banks tell you not to have the same number for all your cards. Give me a break. Am I going to carry five different random four-digit numbers in my head? After all, I'm not Good Will Hunting.

I've tried systems to help me remember - such as using the names of Arsenal players (that fell down when they were transferred), favourite films or members of my extended family; but none seems to work.

So what is the solution? If you are a bit of a technical whizz, you can download a "password safe". These are programs that store all your passwords so they can be used for accessing sites. The problem is that you can only really use this on one computer, ideally your home one, and if that gets stolen you are in trouble.

Some of the high street banks are starting to offer customers a "dongle", which is a portable password device that plugs into your computer. This is essentially an electronic version of writing the password down on a piece of paper, though it is supposedly secure from hackers.

The problem is that dongles cost money and if the one your bank gives you doesn't let you store other websites' passwords, you could end up carrying a dozen dongles in your pocket.

I asked a few pointy-headed computer security experts for advice and they steered me in the direction of "public key encryption". I'm not going to try to explain what this is, short of it being a mathematically devised formula that gives you unique codes that link to other codes on a website you want to access - if they fit, you are let in, as if you had a key to a door. This is monitored by a "trusted third party" - essentially a computer that acts as a gatekeeper between your computer and the website's computer.

In other words, instead of trusting your own faltering brain, you need to put your trust in a computer to manage your passwords for you.

Unfortunately, I'm still scarred by The Terminator, the Schwarzenegger movie in which machines begin thinking for themselves and start waging war on the human race. Except that in my imagination, they're smarter. They will simply raid our bank accounts, buy smart cars and take swanky holidays in the Maldives.

Putting all your cash in a box under the bed never seemed so attractive.