NPR logo

Hunting For A Password That Only You Will Know

  • Download
  • <iframe src="" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Hunting For A Password That Only You Will Know

Hunting For A Password That Only You Will Know

  • Download
  • <iframe src="" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript


From NPR News, it's ALL THINGS CONSIDERED. I'm Michele Norris.


I'm Robert Siegel.

And it's time now for All Tech Considered.

(Soundbite of music)

Today, personal cyber security. And first, passwords. Almost everyone has got one or two, or maybe 10. But passwords are vulnerable and perhaps not the best way to protect your digital identity.

As we hear from NPR's Hansi Lo Wang, computer scientists have been trying to crack the code on the next generation of passwords. And one researcher says all you may need is a squirrel.

(Soundbite of TV show, "Rocky and Bullwinkle Show")

Ms. JUNE FORAY (Actor): (as Rocky) I'm Rocky, the flying squirrel.

HANSI LO WANG: No, not that squirrel. Just a squirrel. Then security expert Markus Jakobsson says just imagine...

Dr. MARKUS JAKOBSSON (Computer Security Researcher): Maybe you went jogging in the forest, and you stepped on a squirrel.

WANG: Oops. Sorry, Rocky. But Jakobsson says that's one way to create a strong password.

Dr. JAKOBSSON: Think of a story. Turn it into three important words of the story.

WANG: And instead of punching in a random series of characters on a computer or a smartphone, users just need a three-word combination from a story they will remember. Jakobsson says the more bizarre...

Dr. JAKOBSSON: Jogging, forest, squirrel.

WANG: ...the less likely a hacker will be able to get into your account. And the more likely you'll be able to remember it. That's a good thing because technology writer Clive Thompson says our memories are lousy.

Mr. CLIVE THOMPSON (Technology Writer): Everyone knows that they should have a password that is harder to guess. But the truth is, we humans are pretty bad at remembering characters that make for a really strong password.

WANG: How bad are we at passwords? Well, earlier this month Hotmail announced new email users will be banned from using passwords like - well, password, 123456, and ilovecats. Weak or even nonexistent passwords were at least partly to blame for security breaches of voicemail accounts in the recent U.K. phone-hacking scandal.

There are other options for authentication. Ed Felten is chief technologist for the Federal Trade Commission, and he says security researchers group all the different ways a user can prove his or her identity into three categories.

Dr. ED FELTEN (Chief Technologist, Federal Trade Commission): Something you know, like a password; something that you have, like some kind of an object or a physical key, like we unlock our doors with; or something you are. That is, some aspect of your body or your physical person.

WANG: Our memories are bad with passwords, and we can easily lose a key. So some researchers have turned their focus to biometrics - that is, using parts of your body as I.D.

(Soundbite of crashing metal)

WANG: Just like in the movie "Minority Report."

(Soundbite of movie, "Minority Report")

TOM CRUISE (Actor): (as John Anderton) Look at me.

Unidentified Man (Actor): (as character) Positive for Howard Marks.

WANG: It's the year 2054, when a quick scan of your eyes can tell a computer who you are. Tom Cruise's character is on the run from the law, desperate to change his identity. So he finds an underground eye surgeon.

(Soundbite of movie, "Minority Report")

Mr. PETER STORMARE (Actor): (as Dr. Solomon Eddie) All I'm trying to tell you is that I'll have to remove your eyes completely. And I have to replace them with new ones.

WANG: OK, this is a bit extreme. But engineering psychologist Kelly Caine says one of the main reasons why we haven't seen a wide use of biometrics instead of passwords is...

Dr. KELLY CAINE (Center for Law, Ethics, and Applied Research Health Information): Your credentials - so your face, your iris, or your fingerprint -can't be re-issued if they get compromised.

WANG: So Ed Felten says the best way to protect your digital identity is using multiple layers of security with passwords.

Dr. FELTEN: The familiar passwords are not perfect. They're far from perfect. But they are the easiest alternative for now.

WANG: That means for the time being, passwords are here to stay. Of course, you can always go with a good story. Just make sure it doesn't involve jogging, forests or squirrels.

Hansi Lo Wang, NPR News.

Copyright © 2011 NPR. All rights reserved. Visit our website terms of use and permissions pages at for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.