It's something most of us access daily, and something that can cause great frustration: passwords. We have too many passwords, and are frequently felled trying to remember which password was used for which device/website/app. Frances Zelazny, Vice President at BioCatch, spoke with TechRepublic's Dan Patterson about the problems with passwords. The following is an edited transcript of the interview.
Dan Patterson: Frances Zelazny, you are the Vice President at Biocatch. Let's talk about passwords and security. Why are passwords a terrible form authenticating my identity and my actions within a session?
Frances Zelazny: Well, simply put, most passwords can be hacked within about 13 seconds, I guess, or less. Because we don't really make many uses of all the permutations that we can. And so most people have a portion of their name or four digit numbers that are very easy to guess. And a lot of people still, even with all the threats that we hear about, will put their password under a sticky note, you know, under their keyboard or on the side, making it even that much more easy to steal and borrow.
SEE: Network security policy (Tech Pro Research)
Dan Patterson: So what if I have a virtual sticky note? By that I mean a password manager like Last Pass, One Password, Dashlane. Are those passwords just as vulnerable?
Frances Zelazny: Well, essentially those are just storing the credentials that are, again, easy to guess. You'd be surprised how many people use 1,2,3,4 as their passwords or the default admin password that a lot of passwords are just Password. And so it doesn't take that much to guess what those are. And also in an age of hacks and breaches, when you get into people's records, their passwords are there in plain sight to be used.
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Orbitz says hacker stole two years' worth of customer data (ZDNet)
- Dark Web: The smart person's guide (TechRepublic)
- Yahoo users can sue over data breaches, judge rules (ZDNet)
- 5 ways to build your company's defense against a data breach before it happens (TechRepublic)
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.