Peter Cochrane's Blog: Tips for tightening up password security

The present password regime is unfit for purpose so we should be adopting new measures...

...a dongle as adopted by many banks and companies. Those things are a menace, really inconvenient and less secure than you might think.

I would suggest the best alternative is to adopt a non-commercial protocol or regime. A monoculture where we all do the same thing, or select from a narrow range of commercial products, just plays into the hands of the enemy.

I would recommend going for something unique and obscure by way of process, with information that only you know - and not a combination of memorable dates, names and things.

Concatenate all this with some unique aspects or facts drawn from your life - numbers and letters from the first car you purchased or a sailing dinghy, for example. Even better, choose a non-obvious login identity.

Combinations of passwords

You can also use combinations of passwords, parse them and alternate the typing direction. None of these methods are perfect or beyond cracking but they are pretty strong, and best of all they allow you to create passwords that are simple and easy to remember.

Beyond these measures, fingerprint readers, facial recognition, voice recognisers and other biometric software can protect your machine, storage and network. Even more radical, 15 years ago I developed a system that recognised the rhythm of our typing.

This approach drew on my experiences using Morse code and the analysis of a walker's gait. All so simple, invisible and very hard to mimic. Such systems may now be available commercially.

Just search the net, see what you can find and remember that when it comes to security, obscure and weird is good. Choose and implement a unique combination of measures and take that extra step by encrypting anything you really value.

Ultimately, it is not just we as individuals who are on the back foot and alone here. It is also industry, including all the tech enterprises.

The truth is we are naturally inclined to be lax when it comes to security and we do make it so very easy for those determined to break in and do their evil work. It really is time to think anew.

About

Peter Cochrane is an engineer, scientist, entrepreneur, futurist and consultant. He is the former CTO and head of research at BT, with a career in telecoms and IT spanning more than 40 years.