Password Security: How Good is Good Enough?

Google announced over the weekend a plan to rid us of passwords all together. What they’re proposing has been done before but will it catch wind this time around?

Update: Last Friday we discussed how to not forget your passwords. Additionally we listed 3 options or steps readers can take to protect their passwords. Good news! Google announced over the weekend a plan to rid us of passwords all together.

It comes in the form of a tiny usb stick that can attach to your keychain. Google wants to rid us of our passwords by moving users to Yubico’s YubiKey, a tiny USB like keychain you can use to log into all of your accounts on any device you choose.

It travels with you, plugs into your device and eliminates the need to type or remember your password. Yubico claims that its product is virtually indestructible; waterproof, crush safe and needs no battery.

Easy Integration With YubiKey

YubiKey is manufactured in the USA as well as Sweden, which means it has been developed with best practices in mind. Yubico claims YubiKey will easily integrate with virtually any open source software and promises to deliver a lower total cost of ownership. That’s good news for those of us looking for an advanced two-factor authentication password service that won’t break the bank . At just $25 a pop, YubiKey might be the thing we’ve all been looking for – to rid ourselves of our password woes.

Google Integration With YubiKey

Last year Google introduced the authentication “push” code, which sends a pin code to your phone whenever one tries to log into their account from a different “unrecognized” machine. Keeping with that theme Google hopes to move users to a YubiKey type of subscription service to rid them of having to ever type a password ever again. The challenge? Getting other websites and email services to play ball. Similar services have been attempted in the past but have failed to gain traction with the masses. The future tech community wants us to be password free, so-to-speak, but that is easier said than done. So what needs to happen?

Here’s What Needs To Happen

If all your important info is embedded on a USB like device there needs to be other authentication processes in place. What happens if you lose it? It’s no different than losing your credit card; you still have to call it in and cancel or block it. Don’t you or don’t you? That is another challenge but the idea is still sound. Will Google succeed in convincing the internet community at large? Hopefully so.

The technology is already there and YubiKey looks secure enough (at least for the semi-organized person) to use now. Authentication for all passwords associated on any personal device you choose is the goal in mind. Google and YubiKey say password security should make it more difficult for thieves to hack into your accounts yet simply the authentication process.

Though some still fear that password security will never be enough to keep up with thieves. Well at least we can die trying. YubiKey Integration with gmail might not be all too easy at the moment but it is still a step in the right direction. Yet another interesting option for consumers looking to simply and keep passwords in one place. YubiKey is another candidate worth looking into.

Original Post:

How strong is your password? Is it strong enough to withstand a brute-force hack? Likely not. Even worse, how many of us have trouble remembering our passwords?

First-off, it is somewhat challenging to come up with a decent password, strong enough to meet the requirements of whichever system you’re logging into yet not too confusing, as you will most certainly forget it.

That Age Old Saying: Write It Down

Never underestimate the obvious choice: simply writing your passwords down and keeping them in a safe place (hidden from your enemies) does wonders for the forgetful mind. The chances of a thief stealing your notepad instead of your laptop are slim to none.

Password Management Apps

Alternatively, one could employ a password management service such as RoboForm – which can be downloaded to your internet browser and used in seconds. Specific services may even push reminders of passwords to your mobile device, although in RoboForm’s case it does cost extra. The downside to such services is that some are stored online, which means your passwords are stored on a dedicated server located god knows where. So, the potential for your passwords to be hacked using a management service still exists. But hey, nothings perfect. So what else shall I do you ask?

Multi-factor Authentification

This authentication process has been around for years, especially on the enterprise level, where maintaining network security is key. It’s called multi-factor authentication which requires a user to provide more than one proof of identity before allowing access into a system. Examples may include using a smart-card, bio-metric scan or a security token in addition to a simple password. Although this may seem like overkill for your email account, it is far and away more secure than writing password info down or storing them online.

The Verdict

Password security is a catch-22: even if you go to great lengths just keep them private. So what’s a person to do? Individually speaking, one must weigh the risks against the likelihood an account could be hacked. Other factors you must take into consideration: cost (of password management apps), practicality and convenience.

Chances are you aren’t running an online banking company, nor are you defending your country against data thieves mimicking the bad guys in a bond film. You’re probably just like any of us: a person who has so many darn email, social-networking or related passwords, that it’s beyond easy to forget one from time to time. And yes, using the same password for everything is a bad idea.

So what do you do? Take the necessary precautions to protect your passwords from being hi-jacked. Write them down and stick them somewhere safe. Use a cheap yet effective password management app too. You may just save yourself some frustration this year. More importantly, don’t worry about someone stealing your password because, despite even the earnest of measures, if thieves really want to hack into your account they’ll probably succeed. On that note, Happy Friday everyone!