Hunting For A Password That Only You Will Know A random combination of letters and numbers may no longer be enough to protect your identity. But while experts are researching alternatives, passwords with multiple layers of security will have to do.
NPR logo

Hunting For A Password That Only You Will Know

  • Download
  • <iframe src="https://www.npr.org/player/embed/138672758/138683215" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Hunting For A Password That Only You Will Know

Hunting For A Password That Only You Will Know

  • Download
  • <iframe src="https://www.npr.org/player/embed/138672758/138683215" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

MICHELE NORRIS, Host:

From NPR News, it's ALL THINGS CONSIDERED. I'm Michele Norris.

ROBERT SIEGEL, Host:

As we hear from NPR's Hansi Lo Wang, computer scientists have been trying to crack the code on the next generation of passwords. And one researcher says all you may need is a squirrel.

(SOUNDBITE OF MUSIC)

(SOUNDBITE OF TV SHOW, "ROCKY AND BULLWINKLE SHOW")

NORRIS: (as Rocky) I'm Rocky, the flying squirrel.

HANSI LO WANG: No, not that squirrel. Just a squirrel. Then security expert Markus Jakobsson says just imagine...

D: Maybe you went jogging in the forest, and you stepped on a squirrel.

LO WANG: Oops. Sorry, Rocky. But Jakobsson says that's one way to create a strong password.

D: Think of a story. Turn it into three important words of the story.

LO WANG: And instead of punching in a random series of characters on a computer or a smartphone, users just need a three-word combination from a story they will remember. Jakobsson says the more bizarre...

D: Jogging, forest, squirrel.

LO WANG: ...the less likely a hacker will be able to get into your account. And the more likely you'll be able to remember it. That's a good thing because technology writer Clive Thompson says our memories are lousy.

NORRIS: Everyone knows that they should have a password that is harder to guess. But the truth is, we humans are pretty bad at remembering characters that make for a really strong password.

LO WANG: There are other options for authentication. Ed Felten is chief technologist for the Federal Trade Commission, and he says security researchers group all the different ways a user can prove his or her identity into three categories.

D: Something you know, like a password; something that you have, like some kind of an object or a physical key, like we unlock our doors with; or something you are. That is, some aspect of your body or your physical person.

LO WANG: Our memories are bad with passwords, and we can easily lose a key. So some researchers have turned their focus to biometrics - that is, using parts of your body as I.D.

(SOUNDBITE OF CRASHING METAL)

LO WANG: Just like in the movie "Minority Report."

(SOUNDBITE OF MOVIE, "MINORITY REPORT")

TOM CRUISE: (as John Anderton) Look at me.

CRUISE: (as character) Positive for Howard Marks.

LO WANG: It's the year 2054, when a quick scan of your eyes can tell a computer who you are. Tom Cruise's character is on the run from the law, desperate to change his identity. So he finds an underground eye surgeon.

(SOUNDBITE OF MOVIE, "MINORITY REPORT")

NORRIS: (as Dr. Solomon Eddie) All I'm trying to tell you is that I'll have to remove your eyes completely. And I have to replace them with new ones.

LO WANG: OK, this is a bit extreme. But engineering psychologist Kelly Caine says one of the main reasons why we haven't seen a wide use of biometrics instead of passwords is...

D: Your credentials - so your face, your iris, or your fingerprint - can't be re-issued if they get compromised.

LO WANG: So Ed Felten says the best way to protect your digital identity is using multiple layers of security with passwords.

D: The familiar passwords are not perfect. They're far from perfect. But they are the easiest alternative for now.

LO WANG: Hansi Lo Wang, NPR News.

Copyright © 2011 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.