/ Money, Technology

Would you be happy to say goodbye to passwords?

72
Passwords
Profile photo of Paul Ryan Paul Ryan Sub-editor
Comments 72

Barclays phone banking customers will be able to use voice recognition technology instead of passwords as security checks. So are we seeing the beginning of the end of passwords?

The name of a first pet, a river in Northumberland or the first song played at your wedding may seem to have little in common. But they are all among the things people in our office have used to create online security passwords…

Password problems

In my own case, you could probably put together a fairly accurate (though not very interesting) biography of my life from passwords I’ve used over the years. I must confess, I’ve previously raided family names, nicknames and birthdays in an effort to make them memorable.

This is of course a classic security error. While it might be pretty tough to guess the name of the first song at your wedding (in this case the unfortunately named ‘Runaway’ by The Corrs), family names are all too easy to guess or find out.

But let’s face it, when you have to come up with and remember passwords for dozens of different websites many of us have at some time taken a security shortcut.

Featured Comment
Profile photo of Ian
Ian says:
7 August 2016
Apple's fingerprint technology works well for our iPads and iPhones but I've never encountered a security system that's unhackable. We use a variety of passwords, ranging from relatively easy to guess to incredibly obtuse and made-up words. But our Bank uses prime number generating keypads for access to our online banking, which is probably the most secure system for the public at the moment. But companies are in a quandary. They want to irritate customers as little as possible, but they have a duty to protect those same customers and are continually devising ways to make secure access easier. Trouble is, no system is 100% secure.
See full comment

Although it’s still hard to believe that the three most used passwords of last year were‘123456’, ‘qwerty’ and ‘password’…

We’ve previously set our computer helpdesk the challenge of creating the perfect online password but even if you do create secure and unguessable passwords, there is the question of how many you actually need to have.

There’s no getting around it, having to remember multiple passwords is a pain, which is perhaps one reason many people now use password manager websites.

Another shortcut some try is to either use the same two or three passwords across different sites, which of course has its own issues. And I’ve even heard of people who use different groups of passwords for different sites – different types of animals for financial sites for example. Though even then you’ve still got to remember whether cat or dog means NatWest.

The end of the password?

Well alternatives to passwords seem certain to play an ever-increasing role. Other banks, including HSBC, are set to follow with using voice recognition, while other websites, apps and phones are starting to use fingerprints to verify identities.

But for now it certainly seems that passwords and the problem of creating ones that are both secure and easy to remember are set to stay for now.

Do you have a failsafe system for remembering your passwords? Would you be happy to see the back of them?

Comments
72
duncan lucas says:
8 August 2016

In another piece of bad news for Android users IT Firm Checkpoint discovered a set of critical flaws in several Android devices allowing an attacker FULL control of your smartphone . using Qualcomm,s chipset firmware – dubbed =QuadRooter . Too many makes to, list so head to -QuadRooter Scanner app on Google Play store to check yours out . Remember I said a long time ago -Android security isnt as good as other types . Also beware Fake Android Prisma Apps Running Phishing , Malware Scam , you would think by this time Android users would get the “message ” seems not even after years of this.

0
Vote up  |  Vote down   Reply    Report
Share   
dieseltaylor says:
8 August 2016

“malcolm r says: Today 13:51
dieseltaylor, given the “professional” publications around on money matters do you think Which? does enough research, and has sufficient knowledge and expertise, to present fair assessments of particular financial issues? I would hope it would consult with appropriate bodies before going into print and stirring up passions.”

I cannot afford to buy more than one Which? publication but occasionally I do get the Money Which? magazine. The latest one being December 2015 which I picked up at the AGM.

It is better than the Which? mag in being information dense but in itself it looks purely at personal finance. And like all such magazines most of the content deals with current issues and taxation. Useful for those with money. Its circulation is also quite small. Perhaps undeservedly small.

There is also the question such as p25 on “How do tracker Funds generate a profit?” which as it mentions simply “stock-lending” I found a little disingenuous given how stock-lending can work.
” The Kay review argued that the risks associated with stock lending were borne by the investor so there was a divergence between the recipient of the income (the fund manager and the investor) and the bearer of the risk (the investor alone). This divergence, said the Kay review, could provide an inappropriate incentive to engage in stock lending and, more broadly, was inconsistent with fiduciary principles.” 2012

You may wonder why the answer did not cover the apparent small percentage charged by trackers if multiplied by the odd hundred of millions of pounds invested is a tidy sum for tracking an existing index. BlackRock Equity D makes around £5m from the £8,383,000,000 invested on £0.06 fee. It also takes 37.5% of the money raised from stock lending.

Broader matters like the security of payment systems, the digital economy and those disadvantaged by it , are far more general issues which need the widest audience. For instance the annual cost to an employee on his AE pension could be 100% more if he is not enrolled in NEST but in other providers. The idea that each year you pay 0.75% of your pension pot to the pension fund manager rather than 0.3% would seem laughable.

0
Vote up  |  Vote down   Reply    Report
Share   
W.Taylor says:
9 August 2016

I’d welcome anything safe and sure to avoid using passwords. I’m pass worded up to the hilt and have to consult a list of them to proceed with online finances.
To enter my bank account I have to use: a customer number of 10 digits, an online pin number and a 10 character password. In addition to that I sometimes have to use a card reader for certain transactions.
It takes me so long to get passed the security page they flag up a banner asking me if I’m having trouble entering the system…….”Yes I am I often shout at the screen.”
I know that writing down passwords is not recommended but I need to and keep them safely locked away.

0
Vote up  |  Vote down   Reply    Report
Share   
KennethF. says:
9 August 2016

One of the simplest and most effective way of limiting password theft and hacking is to impose the most draconian punishments on those who seek to swindle people by using this method. Strip them of ALL their assets and any passed on to others. Send them to forced labour camps and deprive them of their freedom. Do this for many years to make their lives as uncomfortable as they made the lives of their victims.

0
Vote up  |  Vote down   Reply    Report
Share   
Ian says:
10 August 2016

How long before scammers find a way of recording your voice and playing it back to gain access?

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
duncan lucas says:
10 August 2016

Sorry to say Ian its already been done in the US thats why I posted previously on this subject that talk of using voice recognition as a means of accessing banks etc is a lost cause . I dont want to post how they do it but if forced by disbelief I will , its technical.

0
Vote up  |  Vote down   Reply    Report
Share   
Senior C says:
11 August 2016

I find it very frustrating to be forced to conjure up – and then remember- a complex password for access to a mundane site. Where there is little financial or other significant risk, could not the security advisers be content with a short and undemanding password that one stands a chance of remembering?

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
duncan lucas says:
11 August 2016

Senior- because it compromises the website and gives it a bad reputation when an easy password is hacked . It doesnt matter if its a “no consequence ” website its reputation goes down the drain . It happened to Apple Cloud , but it was caused by some US actors using very simple passwords so Apple Cloud got hammered in the media when the said actors had their private info broadcast over the web.

1
Vote up  |  Vote down   Reply    Report
Share   
DerekP says:
12 August 2016

As Duncan says it is not a good idea to use something that others might readily guess, e.g. “password”.

The trick is to use something that you can easily remember but not easy for others to guess.

Rules for scrambling the letters can also be remembered and used.

For example “p455w0rd” would be better than “password” – here I’ve replaced letters by numbers, if a letter has more or less the same shape as a number.

“p455W0rd” would be better still because I’ve now made the 2nd (not the first) letter upper case.

A further improvement would be “p455W0r#d” – here I’ve added one of those dreadful special characters after the 3rd letter.

I still wouldn’t recommend starting from “password” but “p455W0r#d” would be much harder to hack.

Long passphrases are much better too, e.g. one might start from “Peter Always Seriously Studies Which? On Rainy Days” or something like that. If however, you are useless at typing, like I am, you won’t want to have too long a phrase, because you’ll need to avoid problems with typing errors.

1
Vote up  |  Vote down   Reply    Report
Share   
Aitch says:
13 August 2016

Fingerprint recognition works well on my iPhone 6 but not entirely reliably. I find that if my fingers are damp, slightly damaged from rough work or whatever, and sometimes for no obvious reason, it doesn’t work. I wouldn’t want it to replace other verification methods entirely.

0
Vote up  |  Vote down   Reply    Report
Share   
NIGEL says:
13 August 2016

I use a downloadable commercial programme site, which has a password generator, to store my passwords which are protected with a master password. It automatically allows me to enter my password with one click when logging on to a site which requires a password. You can also securely store other information. Is this system (without naming it) safe?

0
Vote up  |  Vote down   Reply    Report
Share   
kenneth raine says:
13 August 2016

We make a rod for our own back by over rating freedom[usually license], and in general the institutions that should lead do not. Just simple things like being able to withhold telephone numbers, why? surely it encourages crime rather than promoting choice. Questions must be asked, how does society stop the things happening it wishes to prevent, what is the only way, what is the perfect way, and what is the practical way. And what “Holy Cow” is preventing us accomplishing it, how important is its continuation?

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
duncan lucas says:
13 August 2016

Interesting Kenneth ,your right of coarse we kid ourselves on we have freedom –we dont ,more and more society -aka- the general public are spied upon , checked up on, investigated and constantly watched . Just look at American, to which most people here seem to look up to, its one of the most heavily repressed nations on earth . Try demonstrating like we do here , heavy police presence who attack the demonstrate calling them “Commies ” and “Left Wing ” large numbers badly injured , 100,s jailed the marches blocked/stopped , everybody photographed. Just look at the shooting of black people in the US its far out of control , town lampposts with surveillance cameras and sensitive mikes , your mail intercepted (and yes I know personally of US citizens who have had that happen ) FBI breaking your doors down at 3AM , all your actions on the web watched . I have a dozen government organizations on file who constantly covertly snoop on US citizens and its all coming/came here . Why ? yes as you say “encouraging crime ” well the HMG /US government dont say that they say one key word –Terrorists- and by saying that they have both introduced Draconian surveillance methods , but hold on . havent they been doing that for many decades –yes ! but now its done legally and officially . You would be surprised who paid for set up supplied logistics to iSIS looks after them in hospital , re supplies them but your not going to hear about it on the UK media. Its all done for a cause. So yes its time our government was brutally honest with its citizens at least I could accept that.

0
Vote up  |  Vote down   Reply    Report
Share   
angela clarke says:
24 August 2016

Replacing Passwords.
Fingerprint instead of password may seem a good option but this won’t work for people, like me, who have naturally dry skin and very smooth fingers (or others whose fingerprints are made smooth by certain prescription drugs). My iphone doesn’t register my print at all; and twice I have had nasty problems at Immigration Control at airports in the USA, because my print wouldn’t register on their scanners.
Making up an efficient password is well worth the bother!

0
Vote up  |  Vote down   Reply    Report
Share   
chris says:
2 September 2016

good share

0
Vote up  |  Vote down   Reply    Report
Share   
Gillie says:
25 April 2018

WHICH Do you plan to review Password Managers?

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
duncan lucas says:
25 April 2018

You mean ones like Last Pass Gillie that was hacked? Guess where Last Pass store them ?- the Cloud by no means the super “invulnerable” place its made out to be. The good points are its stored in the one place and you don’t have to remember a whole string of passwords –the bad points are –its stored in the one place and needs only one password to access it. This is down to computer security, a Keylogger makes it all look stupid if your computer is inheritably unsafe or your sloppy and don’t take care then it’s going to get hacked eventually. I am certainly not trying to frighten you just being realistic and telling you what the adverts WONT tell you. Where do I keep my passwords ? in a Reporters Notepad written down –try hacking that. I could add a lot more but maybe Which will do a convo on it so I will save my comments for the future.

0
Vote up  |  Vote down   Reply    Report
Share   
Alex Whittle says:
25 April 2018

Hi Gillie, we don’t have any plans to review password managers at the moment, but I have passed your comments on to our tech team.

0
Vote up  |  Vote down   Reply    Report
Share   
 

Related discussions