Skip to content

Bring That Stuff On

All the stuff, all the time…

  • Home
  • About
  • Damien’s Posts
  • Quinzy’s Posts
  • Haimisin’s Science Blog
  • Downloads
  • Home
  • 2020
  • December
  • Your Password is not Secure…

Your Password is not Secure…

Posted on 13/12/202013/12/2020 By Quinzy Beardsdale 1 Comment on Your Password is not Secure…
Cybersecurity, Quinzy

Damien re-posted one of his earlier blog posts yesterday, talking about creating a secure password. I’m here to tell you that your password is not secure. Yes, you can take steps to make it hard to compromise a password, but ultimately there’s always chance it will be compromised as technology improves. Also, it only takes someone watching you as you enter it in for it to be compromised.

As it stands, people have been using Amazon and Google cloud infrastructure to crack hashes for at least 10 years now. A quick google search will find a guide or two on how to set this up cheaply or for free. Taking this into account, relying only on a password for anything other than the most trivial of accounts or data is just asking for trouble.

You might be asking yourself how to protect valuable data right about now, and the answer is multi-factor authentication. Multi-factor authentication proves that a person is who they say they are by comparing a number of different things. Typically these are something you know (e.g. your password), something you have (e.g. a security token) or something you are (e.g. your fingerprint). Two factor authentication (2FA) is becoming more common these days, and typically involves either entering a number from a security token/app, by entering a code sent to the user via email or by plugging in a USB device.

While SMS 2FA might be convenient, it can’t be regarded as completely secure. It is possible for a SIM card to be cloned, allowing the confirmation code to be intercepted by an attacker. A better option is to use a hardware token that randomly generates codes to enter, or is plugged in to a USB port. It is even possible to get apps on smart phones that will generate codes.

Our third factor is something you are, which is typically either a fingerprint, a voice print, or an iris/retina scan. These offer better security, but still can be spoofed. For example, a simple photograph has been used to clone a fingerprint and a photograph of someone’s eye and a contact lens can be used to bypass an iris scanner.

Thankfully there are solutions to this problem being developed, such as Project Stealth Tech. Stealth is a wearable device placed inside the mouth. It scans the ridges on the roof of the mouth much, like a finger print (something you are). In addition, the device utilises the tongue’s senses to deliver a “code”, which the user must respond to with their tongue in a specific way (something you know). Obviously the device itself is the something you have.

This has the benefit of being difficult to spoof (no easy to grab finger prints or photos of irises), and apparently more unique than finger prints. It also has the benefit of being unseen. I do have to wonder, though, how comfortable it is to wear for extended periods of time, and how it would interfere with speech. Either way, this is probably something worth keeping an eye on.

Quinzy Beardsdale

Just a collection of protons, neutrons and electrons…

Tags: 2FA Multi-factor Authentication Passwords Two Factor Authentication

Post navigation

❮ Previous Post: Is your password really secure?
Next Post: So, You Want to be a Hacker… ❯

You may also like

Cybersecurity
Is your password really secure?
12/12/2020
Cybersecurity
Advent of Cyber Update
09/12/2020
Cybersecurity
Well, I’ll be Damned…
07/12/2020
Cybersecurity
Advent of Cyber
03/12/2020

One thought on “Your Password is not Secure…”

  1. Pingback: Passwords for the Win! – Bring That Stuff On

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Categories

  • Apple
  • Astronomy
  • Cybersecurity
  • Damien
  • Discworld
  • eBay
  • Haimisin
  • Magic Tricks
  • Minecraft
  • Odds 'n Ends
  • Quinzy
  • Science
  • Technology

Search

Archives

  • September 2023
  • January 2023
  • December 2022
  • July 2022
  • January 2022
  • November 2021
  • June 2021
  • May 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020

Tags

Advent of Cyber (2) Apple (2) Arch Linux (2) Ask to Buy (1) AstroBook (2) Astronomy (2) Astrophotography (3) Bad Customer Service (2) Camera (1) Cards (3) Card Trick (2) Cybersecurity (5) Debian (1) eBay (2) Fix (1) Kludge (1) Laptop (1) Linux (9) Linux From Scratch (3) MacBook Pro (2) Magic (2) Magic Trick (2) Meteor Shower (1) Minecraft (1) Missing Installations (1) New Launcher (1) New Year (1) Pass Phrase Generator (1) Pass Phrases (1) Password Generator (1) Passwords (2) Paswords (1) Python (2) Quinzy (1) Science (4) Security (2) Security Monitoring (1) Shafted (2) SIEM (2) Si Stebbins (2) Static Electricity (1) Technology (4) TryHackMe (2) Tutorial (2) Work Around (1)
  • Facebook
  • Twitter
  • Instagram

Copyright © 2023 Bring That Stuff On.

Theme: Oceanly News Dark by ScriptsTown