
Would you be happy to say goodbye to passwords?


Barclays phone banking customers will be able to use voice recognition technology instead of passwords as security checks. So are we seeing the beginning of the end of passwords?

The name of a first pet, a river in Northumberland or the first song played at your wedding may seem to have little in common. But they are all among the things people in our office have used to create online security passwords…

Password problems

In my own case, you could probably put together a fairly accurate (though not very interesting) biography of my life from passwords I’ve used over the years. I must confess, I’ve previously raided family names, nicknames and birthdays in an effort to make them memorable.

This is of course a classic security error. While it might be pretty tough to guess the name of the first song at your wedding (in this case the unfortunately named ‘Runaway’ by The Corrs), family names are all too easy to guess or find out.

But let’s face it, when you have to come up with and remember passwords for dozens of different websites many of us have at some time taken a security shortcut.

Although it’s still hard to believe that the three most used passwords of last year were ‘123456’, ‘qwerty’ and ‘password’…

We’ve previously set our computer helpdesk the challenge of creating the perfect online password but even if you do create secure and unguessable passwords, there is the question of how many you actually need to have.

There’s no getting around it, having to remember multiple passwords is a pain, which is perhaps one reason many people now use password manager websites.

Another shortcut some try is to use the same two or three passwords across different sites, which of course has its own issues. And I’ve even heard of people who use different groups of passwords for different sites – different types of animals for financial sites, for example. Though even then you’ve still got to remember whether cat or dog means NatWest.

The end of the password?

Well, alternatives to passwords seem certain to play an ever-increasing role. Other banks, including HSBC, are set to follow in using voice recognition, while other websites, apps and phones are starting to use fingerprints to verify identities.

But for now it certainly seems that passwords, and the problem of creating ones that are both secure and easy to remember, are set to stay.

Do you have a failsafe system for remembering your passwords? Would you be happy to see the back of them?

Comments
Profile photo of william
Member

To start with, no one should be using a password. They should be using a passphrase. Then some letters converted to numbers.

Hands up if you can remember a few words of your favorite song, movie/TV clip etc.

Member
Chrissi says:
7 August 2016

So voice recognition: what happens when, due to illness, you have no voice or your voice changes? Clearly something needs sorting but voice recognition is not going to help for obvious reasons.

Profile photo of Ian
Member

Apple’s fingerprint technology works well for our iPads and iPhones but I’ve never encountered a security system that’s unhackable. We use a variety of passwords, ranging from relatively easy to guess to incredibly obtuse and made-up words. But our Bank uses prime number generating keypads for access to our online banking, which is probably the most secure system for the public at the moment.

But companies are in a quandary. They want to irritate customers as little as possible, but they have a duty to protect those same customers and are continually devising ways to make secure access easier. Trouble is, no system is 100% secure.

Profile photo of duncan lucas
Member

Sounds good, doesn’t it? But real life brings it down to earth with a bump. William is right all the same: don’t use a password – easily cracked, GCHQ can crack it in seconds. As William says, use a phrase; this is because of the way computers work. I won’t go into detail as it gets technical. Back onto voice identity: University of Alabama (and others), including “Black Hat” (official hacking for the masses), were able to penetrate automated and voice verification systems using an off-the-shelf tool; it could access bank accounts, identity theft and even damage your reputation. With just a few minutes of voice samples captured by hackers listening to your conversations with a recording device, it could fool an automated or human system. I should also add the CIA/FBI have built up a massive identity bank of human voices, not only in the States but Europe as well. Chinese hackers were blamed for the theft of 5.6 million fingerprints. So stick with William, he’s right.

Profile photo of Beryl
Member

This is so topical and relevant. I have recently received notification from Google that someone else is using my password which was not an obvious one like a pet name or a name of anything else. It also contained two numbers. I have now changed it but this is very worrying. I don’t bank on-line but would be more worried if I did.

Clearly it is becoming easier for hackers to get access to your password and a back-up system is needed. I am also continually having to sign in to Which? Convo. I have tried to change my Which? log-in password but I am informed I have to also change my Convo name, which I am reluctant to do, but it’s getting to the point where logging in and reregistering whenever I need to make a comment is increasingly becoming a bit of a pain.

I am having to reregister to send this comment, so I would like to change my password without changing my name please to see whether this identifies the problem. Something is obviously amiss.

Profile photo of duncan lucas
Member

Beryl, the mods on Which should know who you are by IP address, although it can vary if it is not a fixed one, but it can’t usually be hacked, although if you have allowed a virus onto your computer then it can be controlled remotely or used to benefit the hackers. If I was you I would do a deep scan of your computer, and if nothing shows up there are specialized programmes for rootkits, trojans etc. which are hard to remove. I hope your browser is secure; I have many blockers on mine, one is not enough.

Profile photo of Beryl
Member

Thanks for your help Duncan. I do have an inkling as to the cause of the problem but it would be unwise to disclose any details for as John makes the point it would pose a security risk. I will however carry out a deep scan asap as you suggest.

Profile photo of John Ward
Member

Interesting topic, but for security reasons I cannot answer questions on passwords.

Member
Charles Alexander says:
7 August 2016

Fingerprint technology doesn’t work for guitar players, particularly those that finger-pick with their right hand fingers and thumb, as their fingertips develop a tough layer of skin from constant contact with the strings which replaces the unique fingertip pattern that the technology requires.

Profile photo of duncan lucas
Member

Charles, are you saying the layers of the skin on the fingers are rubbed down to the final layer before it bleeds? The latest technology can scan down several layers and can tell if you have cut off a dead person’s finger and used that. I see why Which has put this Convo out; it’s the latest talking point on social websites, but it is companies with an interest in it for profit that are pushing this on websites, i.e. advertising promotion saying the public “want it”, aka BB want it. While some can’t be bothered to input good passwords and are for this, many don’t want it for the reasons I gave above, but they aren’t the ones being publicised.

Profile photo of malcolm r
Member

If I cut my finger end and put a sticking plaster on it, I might well be denied access to my account(s) until I have healed. Personally I’ve had no problem with passwords – except not realising at the beginning how many I would eventually need and not organising some system to produce and keep track of them. The important ones to me are where I might suffer financial loss.

Providing the organisation I use approves my password (degree of complexity) and then takes responsibility for any losses that might occur through misuse not of my making, I would be happy. These institutions have the professionals to help us create secure passwords to suit their security systems, as far as possible, much more so than we can ourselves. Perhaps I am being over-optimistic.

Profile photo of wavechange
Member

I don’t use my phone for any financial transactions but do use fingerprint recognition to unlock it. My index finger was not recognised for a couple of weeks after a glove developed a hole when I was using oven cleaner, but the phone still recognised my other fingers.

Member

I’ve been following the development of a new technology called SQRL (grc.com/sqrl) that is being designed to replace passwords. I believe it has a lot of promise and would be far superior to the banks’ proposals to use voice recognition, which has far too many issues to count.

Indeed it is about time that passwords were confined to history. The SQRL spec and reference implementation are still being worked on but I hope its official release will be announced soon. I hope Which? will cover this if they are serious about informing their readers of alternatives to passwords.

Profile photo of duncan lucas
Member

Dan, you are possibly more knowledgeable on this subject than me so I would like your opinion on the leader on website security.blogoverflow.com/2013/10/debunking-sqrl/ – it’s an IT website dealing with security.

Profile photo of Ian
Member

SQRL has some advantages over the usual password / username fiddling, but it’s open to other types of attack. It depends on the old Public key / Private key system that’s been around for years but its weakness is the same as every other system: essentially servers are ‘always on’. And it’s about as secure as Bitcoin, I suspect.

Profile photo of duncan lucas
Member

That’s what I thought, Ian, but I was giving Dan the opportunity to respond to what I posted. As you say, according to that website it isn’t perfect. I will keep using the normal system, unless Which is influenced by SQRL and introduces it.

Profile photo of wavechange
Member

I rely on some prompts that enable me to remember passwords and they would not mean anything to anyone else. I occasionally forget that I have updated a password and have to reset it, but only for passwords used infrequently. I think there is merit in devising your own system rather than relying on popular methods of dealing with passwords.

Any worthwhile login system should recognise and reject proposed passwords if they are weak.

I am certainly interested in new systems that don’t rely on passwords but am happy to wait until their security has been demonstrated.

Profile photo of duncan lucas
Member

Wavechange, you mention prompts to remember passwords and you are not alone; very many use programs to store their passwords and in other places, but what I don’t understand is I use a foolproof method that can’t be erased, spied on, hacked etc. by anything on the web – high tech? Uh, no, “Stone Age” tech: reporter’s notepad and Biro. Never fails; I have all my passwords on it.

Profile photo of wavechange
Member

It looks as if we are using a similar system, Duncan. My hints are on some record cards left over from when I started keeping my references on a BBC Micro. I’m not keen on using any commercial software to generate or store passwords.

Profile photo of collinsons
Member

Mmm? Not sure a pad and biro would suit me! I’ve got hundreds of passwords – I never use the same password for different websites. I doubt I could remember any of them off the top of my head. Don’t need to. I use an easily remembered, but complex, Master Password which I change regularly, to access an encrypted file which holds all my other passwords. This file is readily accessible (by me!) from all my gear – PCs, laptop, mobile phone, tablet, etc. Any password can be cracked given enough time, and the appropriate technology, but the reality is that no serious hacker is going to spend large amounts of money buying the equipment to do this, or spend an excessive amount of time trying to crack the password if the bank account (or whatever) belongs to Joe Bloggs with a few hundred pounds in it. If you’re a multinational company or somebody with large amounts of cash, yes, maybe it’s worth the effort. I’ve used this system, or similar, for decades with success – never been hacked. And no, I’m not complacent, I try to keep abreast of changes in the technology, and the way hackers work. Reading Which and Which Computing certainly helps!

Profile photo of malcolm r
Member

An old diary stores mine in a form that is not straightforward. However, never tell your bank that you’ve written down a password or a clue………

I suppose it’s age, but I use one of my credit cards every few days normally and yet the other night, when thinking of using it to pay for a car park at A&E (you need a card these days unless your wallet is bulging) I could not remember it, and the more I tried the worse it got. Another card I never use I remembered straight away. Luckily once I got to the pay machine it all came back to me.

Profile photo of duncan lucas
Member

You are not alone with the “senior moment”, Malcolm. I got a bit embarrassed when going into my bank, inserting my debit card and keying in the wrong password. I tried it twice – wrong! Luckily the girl behind the screen recognised me, took my card and did it from her side. On reaching home I had to look up the original security slip with the transparent box built into the letter to remember it. I keep several passwords in my head but have now written them down in case I forget.

Profile photo of malcolm r
Member

The best place, and the safest one, for such sensitive information is on the inside of your eyelids, duncan. 🙂

Member
bishbut says:
8 August 2016

No one has up to now come up with a system that is foolproof. When a new one appears someone is trying to find a way to beat it. The bad guys have just as clever people working for them as the good guys have. Which side will eventually win?? We want the good guys but it will take a long time yet.

Profile photo of Ian
Member

Talking about remembering passwords, I decided to compile a list of passwords for our life, (just in case I get mown down one day by an over-enthusiastic council grass cutter,) and I was surprised at just how many there were. You can store it on a Mac and on our system it becomes networked to the nine we have in the house. Apple has very nice encryption systems, and I use a simple but effective one of turning the folder in which everything is stored into an encrypted disc image. I then only have to remember one password to bring up the file of all the passwords.

But in effect making our passwords strong and using combinations of letters, numbers and Egyptian hieroglyphs is largely futile; most ‘hacks’ are nothing of the sort. They come from people who’ve been sold your passwords, because a crooked employee has scarpered with the lot, or from a notoriously insecure server which has been compromised to allow all your confidential info to be shown or quite often because someone had left their laptop on the bus – yes, really. Because folk are becoming cannier about passwords criminals are – as ever – looking for the easiest ways to get at your worldly goods, and that doesn’t involve ‘cracking’ your password. Usually, it involves buying it from somewhere, and then trying lots of sites randomly until they find one that accepts it. Bit like finding a bunch of keys then trying every door.

What we need is for companies to be fined eye-watering amounts if they’re found to have badly secured systems. That should be the crime – not simply the loss of data.

Member
Janis says:
8 August 2016

You refer to Apple’s nice encryption systems – you need to make sure you do not rely on Apple to help your executors in the event of an unexpected encounter with a lawn mower. It seems Apple would refuse to allow access even to your executors without evidence that you wanted to give them access to your data!! An apparent mismatch between UK and US law.

Profile photo of duncan lucas
Member

Yes Janis, there is a mismatch in law between how server information is treated in US courts relating to US citizens’ rights and ours, where we are in US law foreigners and can be forced to show all UK info to US security WITHOUT US court actuation, and the fact of the new Server Legislation in the EU/UK being PASSED on 1-8-2016, ALL our data transferred to the US legally! Where is all the massive UK media outcry?? Silent as a lamb – the US rules ya, okay?

Profile photo of duncan lucas
Member

Talking about security, “somebody” took offense to me criticising China for being the land of built to a price; one of my favourite international news channels was “diverted” to a Chinese server and I was presented by the website not being in English but in Arabic. Following that I got Chinese spam and Chinese scammer emails. I managed to fix the news channel, but listen up, China: no, if the cap fits I intend to carry on laying the blame where it really lies. This was on my usually used browser, Firefox; the others were okay.

Profile photo of D923925457
Member

Sorry, I had to give a thumbs-down to this comment, after reading through it four times, I still cannot make any sense of it.

Profile photo of duncan lucas
Member

Translation just for you, D – I criticise Chinese products that are “built to a price”; somebody got fed up, insulted, didn’t like me saying it, probably somebody who benefits from selling their products or even the Chinese authorities. On opening up Firefox and clicking on my favorite foreign news channel (but hated in the West), somebody had hacked it and I was presented with a screen showing the Arabic version. I am not Arabic nor can I speak it. At the same time I received two Chinese emails: one was blatant advertising and the other was a hacker wanting me to click on a nasty virus/trojan/rootkit; I didn’t oblige him. I don’t believe in coincidence; every action has a purpose. IF that isn’t plain enough, well then ********.

Profile photo of malcolm r
Member

I like the principle of adding an explanatory comment when giving a thumbs down, D. 🙂

Member
Gill Hayton says:
8 August 2016

I agree that no system is foolproof. I use a number of different passwords, of varying degrees of complexity. The problem I see with voice technology is the question of whether you would be shut out from your account if you had a bad cold? Fingerprints seem to work – with the proviso that they get fainter as you get older: at least Apple still provide the code as an alternative. I note that my new iPad needs 6 digit code rather than 4 digits – clearly better. My son tells me that fingerprints are, at least theoretically, hackable.

Profile photo of duncan lucas
Member

Gill – no, the latest speech recognition equipment can still recognise your speech pattern even with a bad cold or if you are in a crowd with background noise, UNLESS there is a loud siren next to you blasting away.

Profile photo of VynorHill
Member

Many friends and relatives “laugh” because I refuse to do much in the way of finance online. My theory is… if it isn’t there it can’t be hacked. I am happy with passwords – in whatever form – on my side of the fence, but as others have said, once a password/code has left the computer to do its job on Amazon or equivalent shopping places, my caution becomes useless if it is misused by them. If I want to buy something, it’s a risk I have to take, and I do this by confining my dealings to one single payment method. I know the length and breadth of any damage that can be done by criminals. Passwords still seem to be the easiest form of security, and since nothing is entirely hack-proof, I’m happy to stick with them. SDfw4$[n23x signing off.

Profile photo of John Ward
Member

I have been wondering where I can get hold of a second-hand Enigma Machine [and a Lorenz Machine for financial transactions].

Profile photo of VynorHill
Member

Three or four rotor? They’ve got some good second hand ones at Bletchley Park, but if we hacked that in 1942, I’d be looking for something more secure. How about a counter with a person behind it and lots of free pens to write things called cheques?

Profile photo of wavechange
Member

Yes, I don’t fancy using old foreign technology that has proved to be insecure when we can probably come up with something better in the slightly Disunited Kingdom.

Profile photo of malcolm r
Member

You could use your Nat Lottery Millionaire raffle numbers – 4alpha 8 numeric. Nobody, even Camelot, seems to have heard of the ones I get so they must be pretty secure.

Profile photo of wavechange
Member

What about those of us who don’t subscribe to this National Lottery and have no idea how it works? My dependent financial adviser (father) told me it would be a better investment to put my money in a current account earning no interest.

Profile photo of malcolm r
Member

I would actually put your money into Premium Bonds – as safe and retrievable as cash but they can earn money if you are lucky. Nothing to lose. Then you could use your premium bond numbers. 🙂

Profile photo of wavechange
Member

I’ve looked up examples of Premium Bond numbers and they don’t contain lower case letters or ‘special characters’, so not to be recommended according to common advice on choosing passwords.

Profile photo of malcolm r
Member

I’m sure you could change upper to lower case and add special characters. Just suggesting a starting point. Better than buying an Enigma machine off ebay.

There are web password generators. I suppose these could provide trick passwords that are known to hackers. I’d just use your own devices. Selecting a string of numbers, letters and characters at random from your keyboard is not onerous.

Profile photo of John Ward
Member

I just like the idea of a piece of mechanical apparatus rather than an easily-hackable electronic code generator. I wouldn’t trust an e-bay seller to put an undecrypted Enigma machine up for sale. I appreciate that the Enigma codes were eventually broken but I would take the risk that nobody else knows who has the counterpart rotor. Unless I am underestimating myself, I have a feeling that no modern-day Alan Turing and a whole platoon of WREN’s are going to be deployed trying to decypher Mr Ward’s Amazon account log-in details.

I rather liked Malcolm’s behind-the-eyelid suggestion for where to store passwords. I occasionally have a code in the nodes that distorts speech patterns and wonder whether that is an advanced feature of the method. Tongue in cheek of course.

Profile photo of duncan lucas
Member

You’re right, John, deciphering an Enigma machine could be done in minutes nowadays. What it’s called is “brute force”, used by GCHQ/NSA using massive taxpayer-paid-for computers; they just crunch numbers at exceedingly great speed, no brains required. You can now buy parts for them on the web as well as build your own machine with circuit diagrams.

Profile photo of John Ward
Member

Luckily I still have a brain so I wouldn’t let GCHQ know I was using an Enigma machine to generate my triple-encrypted passwords. Since they probably already know everything there is to know about me in any case, it’s not them I am worried about. As it happens, I am rather a fan of GCHQ.

By the way, the cleverest bit of Bletchley Park’s work was making sure the other side didn’t find out their communications had been decyphered. That required human intelligence to work out what to act on and what to ignore. I am sure GCHQ are brilliant at that.

Profile photo of Patrick Taylor
Member

The trade magazine for the UK bankers in the current issue covers a number of articles on the digital economy. And each of the articles … so far – I have yet to finish it – is pretty darn meaty and addresses the current problems and where we are going.

If we as a consumer body are going to be on top of these matters the Consumers’ Association should be informing us of the intended path and the upsides and downsides. Reacting after an event with big headlines and sign-ups will suggest a lack of foresight. I could be doing the Consumers’ Association an injustice but I do not think they are organised for this sort of forward thinking on matters which will impact us.

– completely cashless society as they are half-way to in Sweden. And what happens to those incapable?
– all your money as a digital account where the central bank can administer negative interest.
– methods of identification – are they all as good as they say they are

The aspect of security is, I consider, rather light but then it is a magazine for bankers, not fraud specialists or computer geeks.

These are important matters and I have been on the other side of the fence telling people how the PIN was secure and any loss was their fault. It was a lie as has come to light after years of misery and false accusations against customers and their families.

Any salesman is likely to tell you their security system has limited downsides in use but is 100% safe. In Sweden their system of people transferring money digitally to shops and each other is doing brilliantly well. This to the extent that some major shopping chains AND even banks do not deal in cash. Sounds brilliant. Not so good for tourists.

My take is no one is going to waste time cracking the processing/transactions/currency of a small Nordic country where the convertibility to other useful currencies is limited. However it might prove useful for rogues to gain insight if it becomes widely adopted in EU or US society.

Profile photo of Patrick Taylor
Member

Just for fun and see what is happening in the Finance world the August/September copy of Financial World covers:
– the cheapest AE pension provider for those employing a single person earning under £30,000
– effects of the closure of bank branches on less affluent areas
– Broadband performance in the UK – four solid pages of print
– UK student loans and the reason why even if you wished you may never clear it
– pension systems and the provision of easy use dashboards to keep track
– tax evasion and control in the UK [the good news: UK has one of the smallest problems]
– offline and off the map – around 3.8m households not connected to the internet
– ATMs 50 years old and where are they developing
– cash in the digital world -a theoretical study of Bitcoin etc
– Sweden and the cashless society [over half of all Swedish bank branches do not handle cash]
– central banks looking at blockchain accounts and how this in time might “allow negative interest rates to be levied on currency easily and speedily, so relaxing the zero lower bound restraint” (BoE 2015, Andy Haldane)

Profile photo of malcolm r
Member

dieseltaylor, given the “professional” publications around on money matters do you think Which? does enough research, and has sufficient knowledge and expertise, to present fair assessments of particular financial issues? I would hope it would consult with appropriate bodies before going into print and stirring up passions.

Profile photo of John Ward
Member

I am reliably informed that the collective noun for a group of bankers is “a wad”. As we progress towards a cashless society it will be necessary to devise a new name for this species and a competition among Which? Conversationalists might be a good place to start the process. Any suggestions written on the back of a ten pound note and posted to me by the end of the month will be given due consideration.

Profile photo of Beryl
Member

How about a cache of bankers John. Might be appropriate name if we are to become a cashless society as we will most likely be seeing a lot less of them in future. I think you may have started something………………….

Profile photo of John Ward
Member

I like that Beryl. We could even have a Deficit of bankers with any luck.

Profile photo of malcolm r
Member

A Cell of Bankers is a nice thought…….

Profile photo of DerekP
Member

There can be particular dangers with websites where your userid is just your email address and if you use the same “password” (or pass phrase) over all such sites.

For example, suppose this site were hacked (perish the thought) and the hackers managed to download lists of our userids and encoded (“hashed”) passwords.

Then, for example, their list of stolen data might include my userid “DerekP” , my email address and a password hash, e.g. something like “7576f3a00f6de47b0c72c5baf2d505b0”.

Based on knowledge (or good guesses) as to the nature of the hashing algorithm, a simple “dictionary based” attack could then very quickly reveal that “7576f3a00f6de47b0c72c5baf2d505b0” is actually the hashed form of “password123”. After that, my accounts would be vulnerable on any other sites where I use the same userid (or email address) and password.

Hence, it really is important to use different passwords on different sites – and to avoid using obvious passwords like “password123”. It is also important for websites to use good hashing algorithms and to keep those details secure.

To help remember my passwords, I do usually write them down on paper somewhere – or for the more sensitive ones – I write down enough of a hint to allow me to remember the password.
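The storage side of the comment above, as an added example that is not part of the original thread or any site's real code: it shows why an unsalted fast hash gives every account with the same password the same stored value, while a per-account salt with a slow derivation does not, and it refuses the obvious passwords named on this page at registration. All function names, the iteration count, the minimum length and the `example.com` address are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed deny-list: the weak passwords named on this page.
COMMON_PASSWORDS = {"123456", "qwerty", "password", "password123"}
PBKDF2_ITERATIONS = 200_000  # assumption: tune to the server's hardware
MIN_LENGTH = 12              # assumption: hypothetical site policy


def unsalted_md5(password):
    """The weak scheme: a fast hash with no salt, identical for every account."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def reject_reason(password, userid, email):
    """Return why a proposed password is refused, or None if it is accepted."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return "on the common-password list"
    if len(password) < MIN_LENGTH:
        return "too short"
    local_part = email.split("@", 1)[0].lower()
    for token in (userid.lower(), local_part):
        if token and token in lowered:
            return "contains the userid or email name"
    return None


def hash_password(password, salt=None):
    """Slow, salted derivation; a fresh random salt is generated per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def register(userid, email, password):
    """Apply the policy, then store only the salt and the derived hash."""
    reason = reject_reason(password, userid, email)
    if reason:
        raise ValueError(reason)
    salt, digest = hash_password(password)
    return {"userid": userid, "email": email, "salt": salt, "hash": digest}


def compare_schemes(password):
    """Two accounts choose the same password: do the stored values match?"""
    md5_a, md5_b = unsalted_md5(password), unsalted_md5(password)
    _, pbkdf2_a = hash_password(password)
    _, pbkdf2_b = hash_password(password)
    return {
        "unsalted_md5_identical": md5_a == md5_b,
        "salted_pbkdf2_identical": pbkdf2_a == pbkdf2_b,
    }


if __name__ == "__main__":
    # Constructed sample account details.
    print(reject_reason("password123", "DerekP", "derek@example.com"))
    record = register("DerekP", "derek@example.com", "three blind mice ran")
    print(verify_password("three blind mice ran", record["salt"], record["hash"]))
    print(compare_schemes("three blind mice ran"))
```

A salt does not make a weak password strong; it only stops one precomputed list from matching every account at once, which is why the deny-list check sits in front of it.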

Profile photo of duncan lucas
Member

And to think, Derek, that GCHQ stated – quote – we should make our passwords simple, their equivalent of being ECO friendly in using less computer power to decipher them. As William says at the very beginning, our spy organizations and hackers love number crunching but don’t like phrases used as passwords due to them being illogical.

Profile photo of duncan lucas
Member

In another piece of bad news for Android users, IT firm Checkpoint discovered a set of critical flaws in several Android devices allowing an attacker FULL control of your smartphone, using Qualcomm’s chipset firmware – dubbed QuadRooter. Too many makes to list, so head to the QuadRooter Scanner app on Google Play store to check yours out. Remember I said a long time ago Android security isn’t as good as other types. Also beware fake Android Prisma apps running phishing, malware scam; you would think by this time Android users would get the “message”, seems not even after years of this.

Profile photo of Patrick Taylor
Member

“malcolm r says: Today 13:51
dieseltaylor, given the “professional” publications around on money matters do you think Which? does enough research, and has sufficient knowledge and expertise, to present fair assessments of particular financial issues? I would hope it would consult with appropriate bodies before going into print and stirring up passions.”

I cannot afford to buy more than one Which? publication but occasionally I do get the Money Which? magazine. The latest one being December 2015 which I picked up at the AGM.

It is better than the Which? mag in being information dense but in itself it looks purely at personal finance. And like all such magazines most of the content deals with current issues and taxation. Useful for those with money. Its circulation is also quite small. Perhaps undeservedly small.

There is also the question such as p25 on “How do tracker Funds generate a profit?” which as it mentions simply “stock-lending” I found a little disingenuous given how stock-lending can work.
“The Kay review argued that the risks associated with stock lending were borne by the investor so there was a divergence between the recipient of the income (the fund manager and the investor) and the bearer of the risk (the investor alone). This divergence, said the Kay review, could provide an inappropriate incentive to engage in stock lending and, more broadly, was inconsistent with fiduciary principles.” 2012

You may wonder why the answer did not cover the apparent small percentage charged by trackers if multiplied by the odd hundred of millions of pounds invested is a tidy sum for tracking an existing index. BlackRock Equity D makes around £5m from the £8,383,000,000 invested on £0.06 fee. It also takes 37.5% of the money raised from stock lending.

Broader matters like the security of payment systems, the digital economy and those disadvantaged by it, are far more general issues which need the widest audience. For instance the annual cost to an employee on his AE pension could be 100% more if he is not enrolled in NEST but in other providers. The idea that each year you pay 0.75% of your pension pot to the pension fund manager rather than 0.3% would seem laughable.

Member
W.Taylor says:

I’d welcome anything safe and sure to avoid using passwords. I’m passworded up to the hilt and have to consult a list of them to proceed with online finances.
To enter my bank account I have to use: a customer number of 10 digits, an online pin number and a 10 character password. In addition to that I sometimes have to use a card reader for certain transactions.
It takes me so long to get past the security page they flag up a banner asking me if I’m having trouble entering the system… “Yes I am,” I often shout at the screen.
I know that writing down passwords is not recommended but I need to and keep them safely locked away.

Member
KennethF. says:

One of the simplest and most effective ways of limiting password theft and hacking is to impose the most draconian punishments on those who seek to swindle people by using this method. Strip them of ALL their assets and any passed on to others. Send them to forced labour camps and deprive them of their freedom. Do this for many years to make their lives as uncomfortable as they made the lives of their victims.

Member

How long before scammers find a way of recording your voice and playing it back to gain access?

Member
duncan lucas says:

Sorry to say Ian, it’s already been done in the US; that’s why I posted previously on this subject that talk of using voice recognition as a means of accessing banks etc. is a lost cause. I don’t want to post how they do it but if forced by disbelief I will; it’s technical.

Member
Senior C says:
11 August 2016

I find it very frustrating to be forced to conjure up – and then remember – a complex password for access to a mundane site. Where there is little financial or other significant risk, could not the security advisers be content with a short and undemanding password that one stands a chance of remembering?

Member
duncan lucas says:

Senior – because it compromises the website and gives it a bad reputation when an easy password is hacked. It doesn’t matter if it’s a “no consequence” website, its reputation goes down the drain. It happened to Apple Cloud, but it was caused by some US actors using very simple passwords, so Apple Cloud got hammered in the media when the said actors had their private info broadcast over the web.

Member
DerekP says:

As Duncan says it is not a good idea to use something that others might readily guess, e.g. “password”.

The trick is to use something that you can easily remember but not easy for others to guess.

Rules for scrambling the letters can also be remembered and used.

For example “p455w0rd” would be better than “password” – here I’ve replaced letters by numbers, if a letter has more or less the same shape as a number.

“p455W0rd” would be better still because I’ve now made the 2nd (not the first) letter upper case.

A further improvement would be “p455W0r#d” – here I’ve added one of those dreadful special characters after the 3rd letter.

I still wouldn’t recommend starting from “password” but “p455W0r#d” would be much harder to hack.

Long passphrases are much better too, e.g. one might start from “Peter Always Seriously Studies Which? On Rainy Days” or something like that. If however, you are useless at typing, like I am, you won’t want to have too long a phrase, because you’ll need to avoid problems with typing errors.
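How a site-side password check can treat the scrambling rules and the passphrase described in the comment above, as an added example that is not part of the original comment. The function names, the look-alike table, the 32-symbol count and the 7,776-word list size are assumptions made for illustration.

```python
import math

# Constructed blocklist: the three most-used passwords named in the article.
COMMON = {"123456", "qwerty", "password"}

# Assumed look-alike table: character typed -> letter it stands in for.
LOOKALIKE = str.maketrans("4@5$01!37", "aassoliet")


def base_word(candidate: str) -> str:
    """Undo case changes, look-alike swaps and inserted special characters."""
    plain = candidate.lower().translate(LOOKALIKE)
    return "".join(ch for ch in plain if ch.isalpha())


def review(candidate: str) -> str:
    """Reject a candidate that is a blocklisted word, scrambled or not."""
    if candidate.lower() in COMMON or base_word(candidate) in COMMON:
        return "reject: common password or a scrambled form of one"
    return "accept"


def scramble_bits(word: str, symbols: int = 32) -> float:
    """Bits of guessing work the three rules add on top of a known word."""
    swaps = 2 ** sum(ch in "asoliet" for ch in word)  # each swap on or off
    capital = len(word) + 1                           # one capital, or none
    inserted = symbols * (len(word) + 1) + 1          # one symbol, or none
    return math.log2(swaps * capital * inserted)


def passphrase_bits(words: int, wordlist_size: int = 7776) -> float:
    """Bits in a phrase, assuming each word is picked at random from a list."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("password", "p455w0rd", "p455W0r#d",
               "Peter Always Seriously Studies Which? On Rainy Days"):
        print(f"{pw!r}: {review(pw)}")
    print(f"scrambling 'password' adds about {scramble_bits('password'):.1f} bits")
    print(f"8 random words give about {passphrase_bits(8):.1f} bits")
```

The passphrase figure holds only for words chosen at random; a sentence that reads naturally carries less.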

Member
Aitch says:
13 August 2016

Fingerprint recognition works well on my iPhone 6 but not entirely reliably. I find that if my fingers are damp, slightly damaged from rough work or whatever, and sometimes for no obvious reason, it doesn’t work. I wouldn’t want it to replace other verification methods entirely.

Member
NIGEL says:
13 August 2016

I use a downloadable commercial programme site, which has a password generator, to store my passwords which are protected with a master password. It automatically allows me to enter my password with one click when logging on to a site which requires a password. You can also securely store other information. Is this system (without naming it) safe?

Member
kenneth raine says:
13 August 2016

We make a rod for our own back by overrating freedom [usually license], and in general the institutions that should lead do not. Just simple things like being able to withhold telephone numbers, why? Surely it encourages crime rather than promoting choice. Questions must be asked: how does society stop the things happening it wishes to prevent, what is the only way, what is the perfect way, and what is the practical way. And what “Holy Cow” is preventing us accomplishing it, how important is its continuation?

Member
duncan lucas says:

Interesting Kenneth, you’re right of course, we kid ourselves on we have freedom – we don’t; more and more society, aka the general public, are spied upon, checked up on, investigated and constantly watched. Just look at America, to which most people here seem to look up to, it’s one of the most heavily repressed nations on earth. Try demonstrating like we do here: heavy police presence who attack the demonstrators calling them “Commies” and “Left Wing”, large numbers badly injured, 100s jailed, the marches blocked/stopped, everybody photographed. Just look at the shooting of black people in the US, it’s far out of control; town lampposts with surveillance cameras and sensitive mikes, your mail intercepted (and yes I know personally of US citizens who have had that happen), FBI breaking your doors down at 3AM, all your actions on the web watched. I have a dozen government organizations on file who constantly covertly snoop on US citizens and it’s all coming/came here. Why? Yes, as you say, “encouraging crime”; well the HMG/US government don’t say that, they say one key word – Terrorists – and by saying that they have both introduced Draconian surveillance methods. But hold on, haven’t they been doing that for many decades? Yes! But now it’s done legally and officially. You would be surprised who paid for, set up, supplied logistics to ISIS, looks after them in hospital, resupplies them, but you’re not going to hear about it on the UK media. It’s all done for a cause. So yes, it’s time our government was brutally honest with its citizens; at least I could accept that.

Member
angela clarke says:
24 August 2016

Replacing Passwords.
Fingerprint instead of password may seem a good option but this won’t work for people, like me, who have naturally dry skin and very smooth fingers (or others whose fingerprints are made smooth by certain prescription drugs). My iPhone doesn’t register my print at all; and twice I have had nasty problems at Immigration Control at airports in the USA, because my print wouldn’t register on their scanners.
Making up an efficient password is well worth the bother!

Member
chris says:
2 September 2016

good share