Tech DeKoded — The best password is not a password

Passwords. Source: Pixbay

123456. If your reaction to these numbers is, “How on earth did they guess my password!”, well, our advice to you is to change it immediately. Over the years, this set of numbers has regularly topped the list of the most commonly used password. Even In 2015.

Top 20 Passwords. Source: SkyhighOnline services firm, Skyhigh, analysed 11 million passwords for cloud services that were for sale on Darknet — an underground place for buying hacked data and other unsavory things — and found 4.1 per cent of these were “123456”. The firm also discovered that 10.3 per cent of users employed the 20 most popular passwords. “That means with fewer than 20 tries, anyone could login to roughly 1 out of 10 accounts today,” warns Skyhigh.

Dilbert's take on passwordsPasswords have an inherent problem — users tend to forget complex ones, and gravitate towards using simpler combinations. And they often repeat the same password for every online service they sign up for — so if hackers guess one they have guessed all, potentially turning your private life into an open book anyone can buy on the darker parts of the Internet.

However, the good news is that tech companies are tackling this problem with a simple idea — get rid of that password altogether. Problem solved! But then, what do you replace it with? The alternatives need to be fast, secure and not depend on human memory. Well, currently the popular option is to use biometric sensors. You would have noticed many recent flagship phones come baked with a fingerprint sensor that unlocks the phone, and eliminates the need to use passwords or pins.

Windows HelloElsewhere, Microsoft has taken the idea further with Windows Hello for phones and laptops — it uses an iris scanner that analyses your eyes and authenticates you. Meanwhile, Google has baked Smart Lock in Chrome OS — it uses Bluetooth to figure out if your phone is nearby, and then automatically unlocks the Chromebook.

Google is also working on Project Abacus, which Engadget describes as the company’s “plot to kill the password” by using an “uncrackable collection of biometric readings”. So how will it work? Well, Abacus will lock or unlock devices and apps based on a cumulative ‘trust score’ — “as your phone continually monitors and recognises your location patterns, voice and speech patterns, how you walk and type, and your face, among other things”.

Which means, if hackers want to access your accounts, they will need to mimic multiple things that makes you uniquely you. They will have to follow you around, duplicate the way you walk, talk and look… Maybe this is a challenge Tom Cruise could take up in the next Mission Impossible flick.