Can We Ever Truly Master Password Security? Computer Scientist Weighs In

Released: 2-Sep-2014 10:35 AM EDT
Source Newsroom: Georgia State University
Expert Available
Contact Information

Available for logged-in reporters only

Newswise — With more than a billion passwords hacked this summer, and data breaches occurring on a daily basis – can we ever truly keep our passwords secure and our data safe? A Georgia State University computer scientist says the problem is complex and creating more secure passwords is difficult as we find ourselves trying to remember passwords for all of our online accounts.

“It’s hard to believe one can keep the passwords 100 percent safe and secure,” said Xiaojun Cao, associate professor and acting director of graduate studies for the Department of Computer Science at Georgia State. “The secureness depends on multiple aspects such as the quality of passwords, how to use passwords, and where and how to store passwords.

Direct contact information for Cao is available in the contact box above for logged-in reporters to Newswise.

With many of us having numerous Internet accounts – from bank websites and credit card portals, to email accounts and shopping sites – some of us often duplicate the same passwords across accounts.

“Think about this: how many usernames/passwords do you have out there on the Internet? A safe guess will be more than 10,” Cao said. “I recently found that the number of my Internet accounts/passwords is more than 40. Creating unique, strong passwords for even only 20 accounts – and remembering those passwords – is extremely challenging, if not impossible.”

Duplication yields risk, in addition to passwords that are easily cracked, he said.

“How often do you settle with easy passwords, use the same username and password, or create passwords in a similar pattern?” Cao asked. “Patterns and predictable words are prone to dictionary-based password attack.

“What could be even worse is password reuse,” he said.

Cao said that instead of putting passwords on sticky notes or down on notepads, tools like Keepass and Lastpass – password management software -- are much better.

While a lot of the responsibility to keep accounts secure falls on users, a greater onus is on the corporations and entities running websites.

“We use passwords to communicate for information retrieval all the time, such as checking bank balances,” Cao said. “Then the questions we may ask include how secure is the data communication and how secure are the servers – this is kind of out of the users’ hands.

“We may just have to blame the corporations and other website owners for the poor security,” he explained.

For more about Cao, visit http://www.cs.gsu.edu/?q=x_cao.


Comment/Share