Secure from what? Password edition

Do you KNOW where he is?

“…uh, um…”

Edna Mode has just shown Helen (aka Elastigirl) the new line of outfits for the entire superhero family – each with its own built-in homing device. Confronted with the direct question, Helen realizes that she really doesn’t know the whereabouts of her husband Bob (aka Mr Incredible), so she activates the homing button which sets the family off on the big adventure to rescue him. [**Spoiler Alert!** Turns out he wasn’t at an insurance conference.]

I was reminded of this great scene from the animated movie The Incredibles (2004) when reading a recent ZDNet article: “Need a secure smartphone? Answer is simple, experts say.”

In response to the question in the title, security researcher Kenneth White wasn’t joking when he gave his response: “Secure from what?”

When it comes to protecting yourself, you have to have some idea what you’re protecting yourself from; a climbing helmet is a necessary piece of protective equipment if you’re going mountain climbing – but not so much if you’re going swimming.

Judging by the passwords people are using, it looks like too many people still don’t know what, or who, they’re protecting themselves against. Passwords like 123456, password, qwerty, 12345678 or a pet’s name may stop the grandparents from accidentally accessing their email account, but passwords like this aren’t going to protect them – or you – from, well, anyone who is actually trying to get sneaky access to your password-protected accounts.

With all the news of breaches of major companies and hacks of all sorts, not to mention increasingly popular phishing attacks, maybe it’s no wonder that the basics of password security get lost in the shuffle for most people.

The key to access security – by physical key or password – is to have unique access for each account or locked ‘unit’. Just like you wouldn’t want to have the same key for your car and your house, you don’t want to have the same password for your email and your bank accounts. Also, enhance your protection by activating 2-factor authentication wherever possible.

Based on passwords revealed in ‘worst passwords’ lists as well as surveys, people seem to think that their passwords are NOT supposed to protect them, but are supposed to make accessing accounts easy. These folks miss the security purpose of their passwords. [Just like those people who turn their blinker on only after they’ve already started making a turn, instead of before they enter the intersection, don’t understand the signaling purpose of their turn signals! (Yes, that’s a pet peeve!)]

Even if you don’t live the 24/7 online life with the average 30+ accounts, your best bet to protect your accounts from a local threat (i.e. keeping out a family member or nosy neighbor) as well as faraway hackers is a password manager like Sticky Password. We analyzed the types of threats to your passwords in an earlier article, “Who are your passwords protecting you against?”

And here’s that great clip from The Incredibles that you can watch on YouTube. You’ve got to love the access authentication (at the 30-second mark) to enter Edna’s work room: password, palm print, retina and voice!