Sunday 1 December 2019

Passwords are becoming extinct.



Password: such a common word, and thanks to the digitization of our world it has become part of our every minute. So what is a password, where did it start, where are we today, and what is the future?
I think that in the future we will NOT have any passwords… Aah, how is that possible? Our life depends on digital devices and access to our digital world, and they all need a password, so how would we survive without one? Well, we shall discuss that a bit later, but first let’s look at what a password is and its history.
A password, sometimes called a passcode, is a memorized secret used to confirm the identity of a user. A very simple process is followed as a protocol: the secret is memorized by a party called the claimant, while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant’s identity.
Passwords came into being in olden days, when there were no means or methods of sending people's identities across, so a password or passcode was shared, the answer to “what is the secret word/phrase?”. Objects were also used to prove one’s identity, like a finger ring or some other ornament. Another unique method was an object divided into two or more parts, with each party possessing one piece. To claim their identity, one had to show that piece, like a piece of a torn currency note or a piece of a picture. Remember those old movies where smugglers proved their identity with a piece of a torn currency note?
Fast forward to the digital age, where a password is generally an arbitrary sequence of characters, which may include letters, digits, or other symbols. If the verifier constrains the password to be numeric, the corresponding secret is then also called a personal identification number (PIN).
Despite its name, a password need not be an actual word; in fact a non-word may be harder to guess, which is a desirable characteristic of passwords. A memorized secret consisting of a sequence of letters or words or other text separated by spaces is sometimes called a passphrase. A passphrase is similar to a password in usage, but the former is generally longer for added security. 
Passwords in military use evolved to include not just a password, but a password and a counter password; for example, in the opening days of the Battle of Normandy, paratroopers of the U.S. 101st Airborne Division used a password, “flash”, which was presented as a challenge and answered with the correct response, “thunder”. The challenge and response were changed every three days. American paratroopers also famously used a device known as a "cricket" on D-Day in place of a password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply.
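The claimant/verifier protocol and the “flash”/“thunder” exchange described above map onto a digital challenge-response. The following is an added example, not part of the original post; the class and function names and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this illustration


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the memorized secret into a fixed-length key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class Verifier:
    """Holds one enrolled key per user and issues single-use challenges.

    In this simple scheme the stored key is as sensitive as the password
    itself, so the verifier's store must be protected accordingly.
    """

    def __init__(self):
        self._users = {}    # username -> (salt, key)
        self._pending = {}  # username -> outstanding challenge nonce

    def enroll(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, derive_key(password, salt))

    def challenge(self, username: str):
        """Return (salt, nonce); the fresh nonce plays the role of "flash"."""
        salt, _ = self._users[username]
        nonce = secrets.token_bytes(32)
        self._pending[username] = nonce
        return salt, nonce

    def verify(self, username: str, response: bytes) -> bool:
        nonce = self._pending.pop(username, None)  # a challenge is usable once
        if nonce is None:
            return False
        _, key = self._users[username]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def claimant_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """The "thunder": proves knowledge of the password without sending it."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()
```

Because every challenge is a fresh random nonce, an overheard response is useless for the next login, which is the same reason the paratroopers' challenge and response were rotated.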
Passwords have been used with computers since the earliest days of computing. The Compatible Time-Sharing System (CTSS), an operating system introduced at MIT in 1961, was the first computer system to implement password login. CTSS had a LOGIN command that requested a user password. After typing PASSWORD, the system turned off the printing mechanism. In modern times, user names and passwords are commonly used by people during a login process that controls access to their computers, mobile phones, ATMs, etc. A typical computer user has passwords for many purposes: logging into accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online.
We generally opt for an easier password because it is easy to remember, and we usually keep one password/passcode for multiple accesses. One must remember that the easier a password is for the owner to remember, the easier it will generally be for a hacker to guess. On the flip side, passwords which are difficult to remember may also compromise security because (a) users might need to write down or electronically store the password on their mobile phone or computer, and (b) users are more likely to re-use the same password across different accounts. Similarly, the more difficult the password requirements from the verifier, such as "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the more reluctantly users adhere to the system. There are a few who would state that longer passwords provide more security than shorter passwords with a wide variety of characters; this is debatable and I am not getting into that.
A few good options for making passwords that are relatively difficult to hack are:
· Abusive words
· Words of one language written in a different language, like “NikloYahanSe”
· Mixing up words and letters with special characters: instead of “GREAT”, type “Gr8” or “gRe@t”
· Random words like “Monday”
· Combining two or more unrelated words and altering some of the letters to special characters or numbers, like “moNGloBot”, which is “Monday Glow Bottle”, or “g@rDeN1&5$pr0m0Ti0n”, which is “Garden 15 Promotion” with a few special characters
· Thinking of a phrase and taking the first letter of each word, like “qbfjolod”, which is “Quick Brown Fox Jumps Over Lazy Old Dog”.
However, asking or hoping one to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking or hoping one to remember a sequence of bits. Also, asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' for '3' and 'I' for '1', substitutions which are well known to hackers. Similarly, typing the password one keyboard row higher is a common trick known to hackers. Which leads me to hacking. Hackers today have become extremely smart, and all the above methods of passwords, passcodes, passphrases or PINs are redundant. A hacker need not know what your password is; they can hack in using the pattern of your keystrokes, so the pattern password, which quite a few mobile phone companies provide as an option, is no strong proof of protection. There is an even better method now being used, which is cloning of your phone, where whatever you type may show masked on your device but is unmasked on the hacker’s device.
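Since the digit-for-letter substitutions and the one-row-higher keyboard trick are well known, a verifier can undo them before checking a new password against a list of common words. The following is an added example, not part of the original post; the denylist, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample denylist; a real verifier would load a large list of
# common and previously breached passwords.
DENYLIST = {"great", "monday", "password", "garden", "promotion"}

# Substitutions of the kind the text mentions ('3' for 'E', '1' for 'I'),
# plus other widely known ones. "8" stands for the sound "eat" ("Gr8").
LEET = {"3": "e", "1": "i", "0": "o", "@": "a", "4": "a",
        "$": "s", "5": "s", "7": "t", "!": "i", "8": "eat"}

# QWERTY rows, used to undo "typed one keyboard row higher".
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ROW_DOWN = {}
for upper, lower in zip(ROWS, ROWS[1:]):
    for u, l in zip(upper, lower):
        ROW_DOWN[u] = l  # key on the higher row -> key directly below it


def candidates(password: str):
    """Yield the normalized forms a guesser would also try."""
    lowered = password.lower()
    yield lowered
    yield "".join(LEET.get(c, c) for c in lowered)
    yield "".join(ROW_DOWN.get(c, c) for c in lowered)


def screen(password: str):
    """Return the denylisted word the password reduces to, or None."""
    for form in candidates(password):
        letters = re.sub(r"[^a-z]", "", form)  # drop leftover symbols/digits
        if letters in DENYLIST:
            return letters
    return None


if __name__ == "__main__":
    for pw in ["Gr8", "gRe@t", "Monday", "j9heq6", "qbfjolod"]:
        print(pw, "->", screen(pw))
```

This exact-match check only catches single words; combinations such as two denylisted words joined together need a substring or pattern-based estimator.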
In short, whatever your password or passcode is, if the device does not have a technology to stop the entry, it will be hacked. What does “entry” mean here? It is the door or window which allows the outside world to peek into or enter your device. This door and window is much bigger and always open in Open Source System Platforms like Android, Linux, etc., and challenging in Proprietary Platforms like UNIX, Windows, iOS, etc., unless the manufacturer opens the door for the outside world. Whatever system one is using, if you are connected to the Internet, the chance of being hacked will always exist. It is like staying indoors: locking your house will protect you to a large extent from thieves or accidents, but the moment you step out, whatever protective layer you wear, chances are that you will get impacted.
This leads me to the adage I started with: in future there would be no passwords. I think, for now, the safest (still not 100% hacker proof) password is the use of biometrics. This has started to get into the mainstream, with devices like laptops, mobile phones, entry doors, attendance systems, etc. using iris scans, facial scans, finger scans, etc. This is still at a bit more than the initial stages, and in coming years we would see much more advancement in this sector. Probably we would have chips embedded in our bodies and they would be our passcodes, or there would be dual authentication of bio-scan and voice-scan. In future, I also foresee a more personal scan, which would be our DNA-scan, and this will be a live DNA, that is, oxygen and fluids are passing through our DNA.
All this means that text passwords or passcodes will be redundant and scanning will be the only method to verify our identity.
Natural progression: Text to Scan… what’s next? I don’t know.


