Op-Ed: It's Time To Fix Our Broken Password System

Many of us use the same password in multiple locations, which can leave us vulnerable to hacking. (Photo: iStockphoto.com)

You need one password to log in to your computer, another for your smartphone, one for your email, for your bank, your music collection, your Twitter, Facebook and LinkedIn accounts. Experts tell us those passwords should be long, contain numbers, letters and symbols and not include personal information like birth dates. Oh, and you're supposed to remember them all, too.

In a piece for The Atlantic, Rachel Swaby argues, "We're required to take downright ridiculous precautions to maintain our online security, and it's not sustainable. In fact, it never was. Our password system is broken, and it's about time we change it."

Swaby tells NPR's Neal Conan that the devices we use every day — smartphones, tablets — have enabled password innovation, thanks to their touchscreens. For example, "if you have an Android phone, you can kind of make a pattern over some dots and have that as your login." And with the new version of Windows, "they allow you to look at a picture and kind of trace some dots across a picture. So if you have a picture of your family, you can connect all of the noses, and that would be your login."

But even those types of logins have possible pitfalls, she explains. Some people "are nervous about that because ... you can see the smudge on a screen, and so maybe that could be used to get into a phone."

And the biggest problem is that the password system has been around so long, which makes it hard to change. "Security experts recommend that we have 14-character passwords that don't contain dictionary words. It's kind of a random string of symbols and letters and numbers," says Swaby. "And, you know, if you do that across some 40-odd sites that [require logins], then we should be [protected], but that's hard."

So, until the death of the password, Swaby recommends a service called 1Password. It generates really tough passwords for all your online accounts, "and it will keep them for you so you don't actually have to remember them." Then, all you need to remember is one password to access the rest. "That's a good start."
