
Why the password isn't dying yet

Many users still rely on easily crackable passwords. There are numerous alternative protection options. But the perfect one has yet to be developed.

A search for “death of the password” yields 40,000 Google hits, because the topic has been discussed for years. Yet the debate about the security of login data apparently continues to pass many users by. As could recently be read in a study by the Potsdam Hasso Plattner Institute for Software System Technology (HPI), many users still rely on bad, i.e. easily crackable, passwords such as 123456 or password.

The past year has brought numerous improvements in the protection of accounts. For example, Yahoo made its new mail app available for download for iOS and Android in October. You can use it to log into the Yahoo website without a password. Users receive information such as the browser used and the approximate location of the computer via push notification. The app can then be used to approve the login process. The whole thing is called Yahoo Account Key.

Two-factor authentication

Other providers rely on two-factor authentication to secure the login. For example, you can have Facebook send a code to your smartphone that you have to enter in addition to the password. Since August, users of the Dropbox cloud storage can also use a U2F token in the form of a USB stick in addition to their password to secure their account. U2F is a standard for two-factor authentication, in whose development Google, among others, is involved.

However, if you ask around in the IT industry, you will learn that hardly anyone makes use of these options. Many users apparently find them inconvenient. This is probably one of the reasons why many users use one password for several services, which is good news for data thieves because they then gain access to various websites. In addition, even the simplest rules are often neglected: upper and lower case, special characters and numbers should be the minimum standard when choosing a password in 2016. If you have difficulty memorizing a lot of passwords, we recommend password managers such as Lastpass or Dashlane. These protect login data with a password.

Brain waves measured

Fingerprint sensors such as the one in the iPhone or iris recognition in the Lumia 950 XL smartphone are a step in the right direction in terms of convenience, despite security risks, as are speech analysis or face scans. However, none of these methods works under all conditions and on all devices, for example in noisy surroundings, in poor lighting conditions or on all standard notebooks. The emoji passcodes presented by Intelligent Environments in the summer are easier to remember, but of course they can also be cracked.

In 2015, researchers from Binghamton University presented their “Brainprint” project. 45 test persons processed abbreviations differently, which could be read from their brain waves. In 94 percent of the cases, these users could be correctly identified. However, the scientists have not yet revealed when the technology should be ready for the market. This may also be due to the fact that the study participants had to think about an abbreviation for several minutes.

Registration by bracelet

IT entrepreneur John McAfee recently clearly exceeded the funding target of $20,000 on Indiegogo for his Everykey project. The crowdfunding campaign has already raised $100,000 and will run for another week. McAfee wants to provide users with a kind of USB stick and a wristband with which they can log into websites without having to enter their password. Doors, for example, should also be able to be opened in this way.

"The perfect solution, however, probably combines factors such as the WiFi you are in or a paired Bluetooth device with biometric factors," wrote Richard Reiner, CTO of Intel Security, in a guest post on this week. In addition, the multi-factor authentication would be safeguarded by user information that is stored deep in the device. This would also make social engineering attacks more difficult, in which attackers try to find out the answers to security questions, such as the name of the first pet, via social networks. “In order to achieve the breakthrough, such a solution would have to run on all websites and in all apps that users already use,” says Reiner, and for this, of course, it would have to be possible to integrate all previously used passwords with little effort.

You can network with digital editor Henning Steier on Twitter, Google+, LinkedIn and Xing or subscribe to his posts on Facebook. You can also order the free weekday digital newsletter.
