We Need to Get Better at Password Protection

This whole Sony hack should teach us, above all else, a lesson on password security.
'The Interview' promotional poster. (Photo: Columbia Pictures)

The Sony hack brought on heaping piles of media-on-celebrity gossip, celebrity-on-media backlash, and media-on-media analysis. Then, of course, there was the White House’s promised rebuttal, that “wait, did North Korea really hack us?” moment, and now, North Korea’s own Internet blackout.

Much of this media cycle has focused on the ripe celebrity scoops—Angelina Jolie is a brat! Joel McHale likes discounts on his electronics!—as well as this boiling tension between the United States and North Korea.

Outside of international relations and America's obsession with Hollywood, these hacks have implications for all of us. On a micro level, this Sony ordeal is yet another reminder of how fragile our online presence is. It highlights the need for individuals to protect their online privacy—something that nearly half of American adults learned the hard way in 2014.

New research out of Plymouth University, in England, gives some empirical perspective to this cautionary tale. Professor Steve Furnell, director of Plymouth’s Centre for Security, Communications and Network Research, investigated the password security of 10 of the world’s biggest websites—companies like Facebook, Google, Twitter, and Amazon. According to Furnell’s research, these tech giants all come up short when it comes to password guidance. They fail, that is, to stress to users the importance of setting an effective, unique password.

"Although I don’t think the study has a direct relationship to [these] recent attacks," Furnell says, "I would say that cybersecurity in all its guises is going to be demanding more attention, if we are going to achieve effective safeguards in the future."

Furnell’s study, which appears in the latest issue of Computer Fraud and Security, used the Alexa rankings to mine through the most-visited websites in August. (He excluded partner sites. YouTube, for example, uses a Google login.) Assessing the “guidance” given to password-creating users, Furnell monitored which sites explained the importance of a strong password and encouraged diversity with online passwords.

Furnell counted 30 opportunities for websites to offer more meaningful password advice; only a third of those were taken. LinkedIn and Twitter are cited for accepting passwords that, by their own algorithms, are “weaker” choices, as is Yahoo!, for not keeping consistent password requirements for those people renewing a password.

"Providing suitably explanatory guidance will give users a fighting chance to understand why passwords are presenting all these hoops for them to jump through," Furnell says. "[Sites] are storing sensitive details about their users, and arguably have a duty to help them to ensure that it is properly safeguarded wherever possible."

This might seem nit-picky, but personal computers—and government desktops—are being hacked on an increasingly frequent basis. Hell, not even the big banks are safe. We need to be smarter with our passwords. It would be helpful to get some encouragement from the companies requiring them in the first place.