Would you be happy to say goodbye to passwords?

Barclays phone banking customers will be able to use voice recognition technology instead of passwords as security checks. So are we seeing the beginning of the end of passwords?

The name of a first pet, a river in Northumberland or the first song played at your wedding may seem to have little in common. But they are all among the things people in our office have used to create online security passwords…

Password problems

In my own case, you could probably put together a fairly accurate (though not very interesting) biography of my life from passwords I’ve used over the years. I must confess, I’ve previously raided family names, nicknames and birthdays in an effort to make them memorable.

This is of course a classic security error. While it might be pretty tough to guess the name of the first song at your wedding (in this case the unfortunately named ‘Runaway’ by The Corrs), family names are all too easy to guess or find out.

But let’s face it, when you have to come up with and remember passwords for dozens of different websites, many of us have at some time taken a security shortcut.

Although it’s still hard to believe that the three most used passwords of last year were ‘123456’, ‘qwerty’ and ‘password’…

We’ve previously set our computer helpdesk the challenge of creating the perfect online password, but even if you do create secure and unguessable passwords, there is the question of how many you actually need to have.

There’s no getting around it, having to remember multiple passwords is a pain, which is perhaps one reason many people now use password manager websites.

Another shortcut some try is to use the same two or three passwords across different sites, which of course has its own issues. And I’ve even heard of people who use different groups of passwords for different sites – different types of animals for financial sites for example. Though even then you’ve still got to remember whether cat or dog means NatWest.

The end of the password?

Well, alternatives to passwords seem certain to play an ever-increasing role. Other banks, including HSBC, are set to follow in using voice recognition, while other websites, apps and phones are starting to use fingerprints to verify identities.

But for now it certainly seems that passwords, and the problem of creating ones that are both secure and easy to remember, are set to stay.

Do you have a failsafe system for remembering your passwords? Would you be happy to see the back of them?

Comments

This comment was removed at the request of the user

“malcolm r says: Today 13:51
dieseltaylor, given the “professional” publications around on money matters do you think Which? does enough research, and has sufficient knowledge and expertise, to present fair assessments of particular financial issues? I would hope it would consult with appropriate bodies before going into print and stirring up passions.”

I cannot afford to buy more than one Which? publication but occasionally I do get the Money Which? magazine. The latest one being December 2015 which I picked up at the AGM.

It is better than the Which? mag in being information dense but in itself it looks purely at personal finance. And like all such magazines most of the content deals with current issues and taxation. Useful for those with money. Its circulation is also quite small. Perhaps undeservedly small.

There is also the question such as p25 on “How do tracker Funds generate a profit?” which as it mentions simply “stock-lending” I found a little disingenuous given how stock-lending can work.
“The Kay review argued that the risks associated with stock lending were borne by the investor so there was a divergence between the recipient of the income (the fund manager and the investor) and the bearer of the risk (the investor alone). This divergence, said the Kay review, could provide an inappropriate incentive to engage in stock lending and, more broadly, was inconsistent with fiduciary principles.” 2012

You may wonder why the answer did not cover the apparent small percentage charged by trackers if multiplied by the odd hundred of millions of pounds invested is a tidy sum for tracking an existing index. BlackRock Equity D makes around £5m from the £8,383,000,000 invested on £0.06 fee. It also takes 37.5% of the money raised from stock lending.

Broader matters like the security of payment systems, the digital economy and those disadvantaged by it, are far more general issues which need the widest audience. For instance the annual cost to an employee on his AE pension could be 100% more if he is not enrolled in NEST but in other providers. The idea that each year you pay 0.75% of your pension pot to the pension fund manager rather than 0.3% would seem laughable.

I’d welcome anything safe and sure to avoid using passwords. I’m pass worded up to the hilt and have to consult a list of them to proceed with online finances.
To enter my bank account I have to use: a customer number of 10 digits, an online pin number and a 10 character password. In addition to that I sometimes have to use a card reader for certain transactions.
It takes me so long to get past the security page they flag up a banner asking me if I’m having trouble entering the system… “Yes I am,” I often shout at the screen.
I know that writing down passwords is not recommended but I need to and keep them safely locked away.

One of the simplest and most effective ways of limiting password theft and hacking is to impose the most draconian punishments on those who seek to swindle people by using this method. Strip them of ALL their assets and any passed on to others. Send them to forced labour camps and deprive them of their freedom. Do this for many years to make their lives as uncomfortable as they made the lives of their victims.

How long before scammers find a way of recording your voice and playing it back to gain access?

Senior C says:
11 August 2016

I find it very frustrating to be forced to conjure up – and then remember – a complex password for access to a mundane site. Where there is little financial or other significant risk, could not the security advisers be content with a short and undemanding password that one stands a chance of remembering?

As Duncan says it is not a good idea to use something that others might readily guess, e.g. “password”.

The trick is to use something that you can easily remember but not easy for others to guess.

Rules for scrambling the letters can also be remembered and used.

For example “p455w0rd” would be better than “password” – here I’ve replaced letters by numbers, if a letter has more or less the same shape as a number.

“p455W0rd” would be better still because I’ve now made the 2nd (not the first) letter upper case.

A further improvement would be “p455W0r#d” – here I’ve added one of those dreadful special characters after the 3rd letter.

I still wouldn’t recommend starting from “password” but “p455W0r#d” would be much harder to hack.

Long passphrases are much better too, e.g. one might start from “Peter Always Seriously Studies Which? On Rainy Days” or something like that. If however, you are useless at typing, like I am, you won’t want to have too long a phrase, because you’ll need to avoid problems with typing errors.

Fingerprint recognition works well on my iPhone 6 but not entirely reliably. I find that if my fingers are damp, slightly damaged from rough work or whatever, and sometimes for no obvious reason, it doesn’t work. I wouldn’t want it to replace other verification methods entirely.

I use a downloadable commercial programme site, which has a password generator, to store my passwords which are protected with a master password. It automatically allows me to enter my password with one click when logging on to a site which requires a password. You can also securely store other information. Is this system (without naming it) safe?

We make a rod for our own back by overrating freedom [usually license], and in general the institutions that should lead do not. Just simple things like being able to withhold telephone numbers, why? Surely it encourages crime rather than promoting choice. Questions must be asked, how does society stop the things happening it wishes to prevent, what is the only way, what is the perfect way, and what is the practical way. And what “Holy Cow” is preventing us accomplishing it, how important is its continuation?

Replacing Passwords.
Fingerprint instead of password may seem a good option but this won’t work for people, like me, who have naturally dry skin and very smooth fingers (or others whose fingerprints are made smooth by certain prescription drugs). My iPhone doesn’t register my print at all; and twice I have had nasty problems at Immigration Control at airports in the USA, because my print wouldn’t register on their scanners.
Making up an efficient password is well worth the bother!

good share

Gillie says:
25 April 2018

WHICH Do you plan to review Password Managers?

Hi Gillie, we don’t have any plans to review password managers at the moment, but I have passed your comments on to our tech team.
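
The thread above discusses building passwords from a common word with look-alike substitutions and an inserted symbol. As an added example (not part of the original post or its comments), here is the kind of check a sign-up form can run: it undoes those substitutions and compares the result with a blocklist. The blocklist holds only the three passwords named in the article, and the substitution map and function names are assumptions made for illustration.

```python
import re

# The three most-used passwords named in the article. A real deployment
# would load a far larger list; this short one is for illustration only.
BLOCKLIST = {"123456", "qwerty", "password"}

# Look-alike substitutions of the kind described in the comments
# (constructed map, not taken from any particular tool).
LOOKALIKES = str.maketrans({"4": "a", "@": "a", "5": "s", "$": "s",
                            "0": "o", "1": "l", "3": "e", "7": "t"})


def normalised_forms(password):
    """Return the simplified forms that guessing rules would also reach."""
    lowered = password.lower()
    mapped = lowered.translate(LOOKALIKES)
    return [
        lowered,                           # case changes only
        re.sub(r"[^a-z]", "", lowered),    # appended digits/symbols removed
        mapped,                            # look-alikes mapped back to letters
        re.sub(r"[^a-z]", "", mapped),     # mapped, then inserted symbols removed
    ]


def blocked_base(password):
    """Return the blocklisted word a password reduces to, or None."""
    for form in normalised_forms(password):
        if form in BLOCKLIST:
            return form
    return None


if __name__ == "__main__":
    samples = ["p455w0rd", "p455W0r#d", "Qwerty",
               "Peter Always Seriously Studies Which? On Rainy Days"]
    for sample in samples:
        print(f"{sample!r:55} -> {blocked_base(sample)}")
```

A form that rejects any password for which `blocked_base` returns a word stops the substituted variants along with the plain ones, while the long passphrase from the comments passes.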