Over the last 20 plus years, widely available personal computers, tablets, and smart phones have revolutionized our interaction with almost everything. With a few clicks of a mouse, or swipe of a finger, we can order clothing, book flights, reserve a hotel, deposit a check, pay a bill; there isn’t anything we can’t do from the comfort of our own home, or the neighborhood coffee shop.
Our personal information is stored, somewhere, by a seemingly uncountable number of vendors, institutions, marketing companies and web sites. Unfortunately, criminals adept at using software to invade our home computers or smart phones are also aware of the vast amount of information available. Criminals search for security weaknesses to extract our personally identifiable information, such as credit card or social security numbers, birth dates and more, to be able to set up false identities or deplete our online accounts. Criminals also seek to install ransomware, locking corporations and users out of their computers.
Just as we secure our homes with a lock on the front door, we also need to secure our online identity. Our most basic protection is the humble password. The password, in combination with an email address or username, identifies the authorized user of frequently accessed sites or apps and any retained personal information.
Too often, we underestimate the importance of passwords, selecting something easy to remember rather than difficult for an attacker to break.
In this multi-part series, we examine various security threats from personal computing and techniques to best protect yourself from the dangers of criminals wandering the internet looking for victims.
History of Passwords
Passwords are secret data, typically an arbitrary string of characters which include letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN). A key attribute in picking a password is to select something which is hard to guess, so a password may be composed of multiple words, separated by spaces: a passphrase.
The longer the password (or phrase), the harder it is for software password-breakers to reveal the actual password.
Passwords have been in use for much longer than the internet or computers. There are historical references to the use of “watchwords” in the Roman military. Sentries challenged anyone wishing to enter an area to supply a password or watchword, allowing entry only upon hearing the correct password.
Passwords were used by the military over the years, evolving to include both a password and a counterpassword. During World War II, GIs would challenge any individuals entering an area with a password, to be answered with a counterpassword.
The first time a password was used in computing was 1960 at MIT. The university had a large mainframe computer to be shared by numerous researchers. Each shared not only the mainframe but a single disk file as well. The password was developed so users could access the computer for their allotted time (in 1960, computing resources were severely limited) and only have access to their own specific files.
The first time a computer password was hacked was also 1960, when researchers started using others’ passwords to gain more computer time.
Though the password is a less than perfect approach to security, it went on to become the go-to method for computer security due to its simplicity, which is also a disadvantage.
Attempting to reduce the password's disadvantages, a cryptographer at Bell Labs devised a technique called “hashing”, in which the entered password is converted to a numeric output. That output can be compared with the value computed from a later entry to validate the password, but it cannot be used to reverse engineer the password.
With hashing, the actual password is not stored, only the numeric value needed to validate that the entered password matches. Hash functions used in cryptography have the following key properties:
- It’s easy and practical to compute the hash, but “difficult or impossible to re-generate the original input if only the hash value is known.”
- It’s difficult to create an initial input that would match a specific desired output.
Thus, in contrast to encryption, hashing is a one-way mechanism. The data that is hashed cannot be “unhashed”.
Additional layers of security include “salting”. Modern password databases further protect a password by combining random data with the password, then hashing the resulting values.
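The hashing and salting steps described above, as an added example that is not part of the original article. It uses PBKDF2-HMAC-SHA256 from the Python standard library as the salted hash; the function names, the sample password and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor, chosen for this example only


def unsalted_hash(password: str) -> str:
    """Plain hash with no salt: equal passwords always give equal output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Build what the database stores: the salt and the hash, never the password."""
    if salt is None:
        salt = os.urandom(16)  # fresh random data for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Re-hash the entered password with the stored salt and compare the results."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def demo() -> dict:
    # Constructed sample: two users who happen to pick the same passphrase.
    phrase = "correct horse battery"
    first, second = make_record(phrase), make_record(phrase)
    return {
        "unsalted_hashes_equal": unsalted_hash(phrase) == unsalted_hash(phrase),
        "salted_hashes_equal": first["hash"] == second["hash"],
        "right_password_accepted": verify(phrase, first),
        "wrong_password_rejected": not verify("correct horse", first),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Without a salt, two users with the same password produce the same stored value, so one cracked hash exposes both accounts; with a per-password salt the stored values differ even though both still verify.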
Another security technique is “encryption”, where a key is used to convert a set of entered values to something which appears to be meaningless, but which can then be decrypted. This technique is only used when the password or passphrase must be known and reviewed for validation.
In our next installment we discuss how customers can increase their security.
Aspen Insurance Agency is a family-run business in Denver, Colorado servicing clients nationwide. We work with multiple insurance carriers to offer our customers a wide variety of risk reduction coverage at the lowest possible cost. We offer a wide range of personal, auto, commercial and professional insurance to residential and commercial customers at the cheapest rates available. Call to speak to one of our professionals for home or business insurance and see how painless insurance shopping can be.