The present password regime is unfit for purpose so we should be adopting new measures...
Written on KL1515 flying from Amsterdam to Norwich and dispatched to silicon.com from my home over aggregated ADSL circuits five days later.
All the best security guidance says we should change our passwords regularly and make them long and complex. Do any of us heed this advice? Do we heck.
I've just read a report that says 75 per cent of us use the same password for Facebook and email, and on average we only have three passwords each.
That finding prompted me to do a personal password count. I have five that I use regularly without having to look them up and another 10 or so that are managed by a home-built encryption system.
So, what is the precise nature of my passwords? Not telling. But let me say they are a combination of letters and numbers of varying length. They all make sense to me and are easy to remember but present a bit of a challenge to an outsider.
I also grade them from very simple to very complex depending on the assets I am trying to protect. On the wi-fi security front, for example, they span 'no password at all' through to 'a very simple and singular word'.
Do I feel safe and secure using my current system of passwords? No. Do you? I suspect not. Do I use the same password for several accounts? Yes. Do you? I'd put money on it. The reality is that the password regime alone is no longer fit for purpose.
We are all fallible, habitual and lax, and we need something more - something subliminal, automatic and far more secure.
I regularly find passwords on Post-it notes and whiteboards, and on so many occasions when I ask people what their password is they just tell me. And this is before I just sit and watch someone type a password in full public gaze.
It is astonishing what you can learn just by watching and listening in a coffee shop and asking in an office. This is the first line of attack for any smart hacker, followed by software that will decode a simple password in seconds or minutes.
What should we be doing? Please don't suggest we use...