How Can We Fix the Password System?

So the news of the day (when you’re not freaking out over Ebola) is that 1.2 billion passwords have been stolen by a Russian criminal group. What have these nefarious masterminds been doing with all of this illicit information?

Sending weight-loss pill spam.

Boo yah.

Of course, it stops being funny and starts being alarming when you take a minute to think about what can be done with a few key passwords. Those passwords can lead people to more sensitive accounts, from which they can continue their merry way into who knows where.

I read stories like this, and I shake my head, but really, I’m beginning to wonder if something’s going to have to be done soon to fix the way passwords are handled. Somehow. Because it seems like every other day that a new major company is having to admit that their password database got hacked. If we all switched our passwords as often as they asked us to, we’d be changing them every month or two, which is just–

What we’re supposed to do, from a security standpoint.

The problem is there needs to somehow be a balance between ease of use and actual security. People are inherently lazy when it comes to things they don’t perceive as an immediate threat. And hackers? Not an immediate threat. So why come up with an involved password system when you can just type in 12345 each time you have to do something online? Especially when you know that your elaborate, secure password will have to be changed in 180 days or something.

And don’t get me started on all the various password flavors out there. Some need capital letters. Some can’t have them. Some need numbers or symbols. Some can’t have them. It’s like all of these sites assume users have no other security needs than that one site.

It’s just not sustainable.

So fellow techies out there, a bit of help please. I know about password management software and sites, and I’ve looked into them some, but haven’t really committed at this point. Have any of you used them? Are they more secure? Any pointers you’d like to offer, or insight you can give?

Because at this point, I’m really close to just throwing my hands up in the air and not caring anymore. And I know that’s not a good place to be in. (I also know that if I’m close to there, then a whole ton of people are already well past it . . .)

If only all our hacking problems could be solved by typing “cookie.”

  1. I am teetering on the point of having passwords that only keep me out of accounts. I only know some rare passwords (e.g. the weird federal inmate email website that requires 10 characters) that only get used a few times a year, because I email the passwords to myself in an easily searched format. If you can get into my email, you can get into everything else except my checking account.

     We’re doomed.

