World Password Day is a reminder of the human need to keep or find secrets: Secrets and keys

The centrality of information has led to the discourse on passwords being limited to issues of data protection and data theft. This is unfortunate. The password — that mysterious scroll of digits and alphabets — whispers other secrets.: Shutterstock

The Editorial Board   |   TT  |   09.05.21:  The fabled knight, myths, legends and ballads say, rode laced in shining armour. The knights of yore have since ridden their way to sunset. The modern knight in a data-driven world is at the beck and call of the keyboard or the mobile phone. His armour has changed as well. For the protection of data — be it personal information or that related to commerce — is only possible with the help of the password. World Password Day, which falls in May, is an occasion to remind the global collective glued to their phones, desktops, laptops, tablets — the technological wonders that modernity towed in along with it — of the importance of the role of the password in securing this gold mine of information.

The popular perception is that the password — a string of characters that are necessary to let a user gain access to computing or digital systems — is, like tech gadgets, the gift of modernity. But this, as is often the case with what constitutes the popular, is not quite true. Passwords have been around for a while and in a myriad forms. The secret to the longevity of the passwords has to — this is hardly surprising — do with the culture of secrecy itself. Secret societies were in vogue in the eighteenth and nineteenth centuries. Many of these clandestine organizations were incubators of democracy. They came up in response to the prevailing orthodox milieu and their members were encouraged to engage in frank and fearless discussions on critical matters of the day. But a taste of this forbidden — delicious — freedom was predicated on the ability to furnish the right password on the part of their patrons. But passwords were not merely sentinels of a shared privacy. They can be looked at as ciphers to understand things about the world and its residents. Research, for instance, has shown that the majority of people use some kind of private information — names, year of birth and so on — while creating passwords. This herd response comes with risks. Data security analysts — today’s high priests — insist that such a choice weakens password protection. Apparently, data suggest that 10,000 of the most commonly used passwords can help unlock 98 per cent of all global accounts.

The centrality of information has led to the discourse on passwords being limited to issues of data protection and data theft. This is unfortunate. The password — that mysterious scroll of digits and alphabets — whispers other secrets. For instance, the password poses a formidable challenge to mnemonic toolkits. Multiple accounts require multiple passwords, each of which needs to be distinct. The sheer volume of these secrecy codes necessary for modern living is enough to challenge even the sharpest of minds. At a more fundamental level, passwords and their veneration embody the cat-and-mouse game between keepers and finders of secrets. The outcome of this ancient game integral to human culture is decided by the sanctity or the violation of the password.

The password is passe

(https://www.telegraphindia.com/science-tech/the-password-is-passe/cid/283710)

Every day passwords of Internet users are being stolen worldwide, be it their email, social networking or banking passwords. So how do you protect yourself?

One of the simplest ways to secure your numerous accounts, other than the recommended complex and confusing mix of alphanumeric characters, is the two-step verification. It has been there for some time, but many of us have not used it at all. It is about time you did.

Google, Facebook, Yahoo, PayPal, Dropbox and many other sites have begun offering this facility. Two-step authentication relies on “something you know” (a password) and “something you have,” (a cell phone). It works like this: whenever you sign in, you enter your username and password as usual. Then, you will be asked for a code that will be sent to you via text on your mobile. Upon entering this code correctly you will be allowed to log in to your account. It is as simple as that.

There is even an app called Google Authenticator for your smartphone. You can generate the code directly on your phone without the need of a network connection. The app is available for Android and iOS devices. You may well ask how will Google know what code is generated if there is no network connection. The simplified answer is that a six-digit code is generated using cryptography techniques that are a combination of something that is unique to your account and the current time. The code lasts for 30 seconds so you must log in within that time window.

To enable two-step verification for your Google account sign in to Gmail as usual. Then go to Account Settings by clicking on the image of your account. You will find it in the top right of your browser screen. Go to Security and enable Two-step Verification.

Those of you who have a Microsoft account go to https://account.live.com/proofs/Manage. Log in and then select Security Info on the left and then click the Set Up Two-Step Verification link. Then work through the onscreen instructions.

Even Apple has joined the growing list of online services that have been incorporating two-factor authentication security. To set it up, go to the My Apple ID page at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/. Click on Manage Your Apple ID, sign in and navigate to Password and Security and then click on Get Started for Two-step Verification.

Two-step authentication will make your account safer and less likely to get hacked. It is by no means foolproof since you are still using a password. You are only making it more difficult for a hacker to get access to it.

Eric Grosse, vice-president of security engineering at Google, thinks the concept of password should be abolished because people choose them badly, lose them, write them down, and reuse them across different websites. In fact, Google is trying to replace the password with a USB device and a piece of jewellery with an embedded microchip. “No matter how complex your password is it can no longer protect you. Recently hackers released 15 GB of wordlist file that can crack almost of all passwords you can think of,” says Abir Atarthy, ethical hacker and co founder of the Indian School of Ethical Hacking (www.isoeh.com).

In a paper published in January this year, at a security conference in San Francisco, Mayank Upadhyay, security engineer at Google, said the company had developed a prototype ring that could take the place of a password. These rings will not contain any passwords. Instead they will contain an encrypted key that will communicate with a USB device that you will have to plug on to your computer. To log in to Gmail you will have to plug the USB device into your computer. Then it will communicate with the microchip embedded in something that you always carry with you such as a ring or bangle. The two will communicate through a technology called Near Field Communication or NFC for short.

Most mobile devices, except Apple’s, are NFC-enabled so you will not require the USB stick. The authentication will be done automatically between your phone and the ring on your finger.

Google did not say which company would supply the hardware chip and the USB device, but the features described in the paper are identical to a USB security key called Yubikey NEO. Currently, all stocks have been sold out.

The campaign to kill the password seems to be gathering momentum at last.

Send in your computer- related problems to askdoss@abpmail.com with bits&bytes in the subject line