Pass On Passwords

Think for a moment about your bank account password. There's a good chance it's a string of letters and numbers you know by heart, could type in your sleep, and have been using for years. You probably use it for at least one other website, too—a security study last year found that 73 percent of people use their bank password elsewhere.

Now imagine this: What if just one of those websites was hacked and your password was stolen? How much of the rest of your private life would suddenly be blown open?

Earlier this week, Sony admitted that the security of its PlayStation Network, an online distribution and matchmaking system for the PlayStation 3 console, had been compromised. Hackers obtained 75 million addresses, passwords, email addresses, and answers to their security questions, and they may have even obtained credit card numbers and security codes.

When a small company operating a large web service gets hacked, it's not a huge surprise. Dating websites eHarmony and PlentyOfFish.com, as well as blog website Gawker have all been hacked in the last six months. But the attack on Sony is a sign that even a huge, multinational company can have trouble keeping personal data safe. Harvard is hardly immune: in 2008, someone broke into a GSAS website and may have taken applicant Social Security numbers.

Sony plans to keep its network offline as long as it takes to tighten security. However, there are plenty of other low-security websites that hackers could target, and they could use the passwords stored there to unlock other services. Encrypting the passwords might prevent some hackers from reading them, but any encoding system can be decoded, as the Gawker case showed.

For years, a solution to the stolen password problem preached by IT professionals was for users to pick a different password for every service and change them often. But strong passwords with numbers and letters and mixed cases are hard to remember, especially if there are a lot of them and they keep changing, so people don't always use them. Worse, companies have long barred their employees from writing down work passwords, saddling users with an even greater memory burden. It's not surprising that over 3,000 users Gawker users had "123456" as their password.

Realizing that no one could possibly remember 68 different strings of garbled nonsense, a Microsoft security guru suggested in 2005 that people should be allowed to write down their passwords if it helped make each one stronger. But storing all of your passwords in a Rolodex means someone who robs your desk can easily empty your bank account, too.

The reality is that passwords are a flawed model for security, and we use them only because they're easy to set up. In addition, passwords have many hidden costs, both in additional support staff (40 percet of help desk calls are for lost passwords) and lost productivity. There is also the time spent logging in. Take a simple back-of-the-envelope calculation about the Harvard authentication process: Typing in my HUID and password and waiting for the page to reload only takes 10 seconds, but if I multiply that by the average number of times I do this per day (about four) and the number of days in the year I visit a Harvard website (about 180) times my four years in college, it adds up to eight full hours of my life I'll never get back.

Security experts have recently advocated two-factor identification systems, which pair a password with something physical, like an ID card or a one-time access code sent to a mobile phone. That is, pairing something you know with something you possess. Google added an optional two-factor login for Gmail earlier this year. It's true that two-factor authentication increases security. But the process of authentication doesn't need to be made more complicated, it should be simpler.

One solution has been known for years: biometrics. The term is a catch-all for procedures that act on some aspect of the human body, from fingerprint and retinal scanners to systems that analyze gait or typing pattern. Biometrics as they now stand suffer from a host of problems, including the fact that they can be slow, they can't be canceled and re-issued when stolen, or that they might encourage thieves to steal body parts.

However, it is easy to imagine a solution that gives users the option to use non-invasive biometrics, conventional passwords, or two-factor systems alone or in tandem, achieving greater security for everyone while also providing greater ease-of-use for those who desire it. Many laptops now ship with fingerprint scanners or facial recognition software, and manufacturers will gladly standardize these features, as well as provide more, if the market demands it.

There is no magic bullet that will secure the internet in one step, but the current password framework is broken, and it won't take many more attacks like Sony's before everyone realizes it.

Adam R. Gold ‘11 is a physics concentrator in Adams House. His column appears on alternate Fridays.