Your mother’s maiden name, the city you were born in, and the name of your first pet are all easy details to remember. In 1961, the likelihood of most of these appearing among the first documented computer passwords of Massachusetts Institute of Technology’s Computer Time-Sharing System was relatively high. Consequently, when each member of the institution’s Computation Centre had an allotted time slot of four hours on the mainframe computer (IBM 7094), it only took Allan Sherr, a PhD researcher at the time, a year to get bored and hack into his peers’ accounts. By printing a copy of everyone’s password with a few unsettlingly simple commands, he was able to forge more time for himself. If the first generation of passwords was hacked with such an adolescent motive, it is little wonder that today’s cyber security professionals promote the importance of using strong, randomised passwords to protect data from those with more malicious intent. Thus, we can point the finger at Sherr for our password headaches. After our parents unanimously landed upon the word ‘Password’ to secure the family PC, the next natural step was personalisation of the password – promptly resulting in everyone’s digital data being secured by vaguely memorable childhood details. At least this update came with the added benefit that, if forgotten, these details could be recalled by the world’s first password manager: Mum.
In the decades after Sherr, ever-increasing global media reports of cyber attacks, ransomware and data breaches, such as the infamous multi-million dollar Colonial Pipeline Hack of 2021, exposed the public to the prevalence, and consequently the necessity, of cyber security. Today, more and more people can recognise incoming phishing emails from a mile away and generally acknowledge the importance of a quality password, for fear that there is a hacker hiding behind every nondescript link, waiting to take advantage of digital naivety and complacency to infiltrate your personal finances and/or identity. With all the sensationalisation around this mysterious hooded figure, whose motivations are a world away from Sherr’s, it is often difficult to consider that your closest threat is sat in front of the computer screen whose reflection shows you.
Understandably, it’s easy to forget that you can be the bad guy. We’ve been collectively forgetting things for centuries, using carvings, paintings, and writings in an attempt to record the information once at the forefront of our minds. It’s much easier to remember where you left that ink-scribbled notepad than the information written in it. With a huge part of our lives now being lived out online, the search has turned to finding a secure, reliable password manager. Password managers push the anti-analogue argument. At their core, these are digital alternatives to the traditional notepad and pen that sit precariously in your desk drawer, and they offer greater user convenience. While their main purpose is to retain and autofill your account’s email or username and the accompanying password, some more sophisticated packages offer intricate security features, such as document vaults, VPNs, and secure private messaging. Examples include Google Password Manager, LastPass, Keeper, Bitwarden and KeePassXC.
In 2020, the UK Government offered guidance on multi-factor authentication, suggesting the use of: something the user knows, which echoes the traditional password; something the user is, alluding to biometric security, such as a copy of your fingerprint or Face ID; and something the user has. The latter refers to a physical authentication device such as Yubico’s product, YubiKey. This acts as a tangible gateway to a password manager and is the latest effective multi-factor authentication. Although technologically sound, this update’s biggest weakness is its potential to become tedious. If every account required you to log into a password manager, and that password manager required you to log in with a password, biometrics and a physical authenticator, the act of sending a tweet or watching a YouTube video could become so laborious that the average user would question whether it was worth it at all. But before our burden of passwords can be replaced with endless authentication, there are various tech start-ups, such as You., currently looking to tackle it by implementing blockchain technology to decentralise, and therefore simplify, the authentication process. It would provide each device with a registered Ethereum address validated on the blockchain, combined with a push token for a biometric factor, e.g., Face ID, to provide access to the account.
As password management software rapidly evolves alongside increasing coverage of digital affairs, it is easy for the concept to become overwhelming. Tech entrepreneurs can replace your mother, and password managers can fulfil the role of a notepad, but only if you decide to let them. It’s better to secure your crypto with a method that you are confident in than to put yourself and your personal assets at risk on a whim to stay ahead of the curve.