Extreme password protection — how hackers keep themselves safe
NEW YORK — Want to stay safe on the Internet? It’s time to rethink all your passwords.
That’s what David Kennedy did. He’s a security researcher and “ethical hacker,” and he remembers only one password: It unlocks a password vault, an encrypted database that stores dozens of his other passwords. Each of those is 30 to 50 characters long.
“Even if hackers got access, it’s protected and encrypted and keeps it in encrypted format,” said Kennedy, who has the tech skills to crack passwords easily.
Web security tools are increasingly in focus as people scramble to change their passwords following a software bug called Heartbleed, which enabled security holes on sites thought to be secure.
Along with strong passwords and safe password storage, Kennedy also says 2-factor verification is a must for anyone signing in to a website. With this process, you enter your regular password, but that triggers a text message or a phone call with an additional code you must enter before signing on.
Robert Hansen, vice president of labs at WhiteHat Security, advises people not to use the same password for different websites. As a security researcher who understands hacker communities, Hansen is extreme when it comes to his own security.
“When I close my browser, the cache and cookies are removed…all third party cookies are removed,” he said. “All ads are removed. All tracking systems are disabled.”
Both Kennedy and Hansen agree: In an increasingly hackable web, passwords are antiquated.
“We need to move to different technologies that support something other than a password,” Kennedy said.
One solution: biometrics.
Apple’s iPhone 5s and Samsung Galaxy S5 include a fingerprint scanner. Other companies are also building out biometric technology. A company called Bionym recently created a wristband that recognizes a user’s cardiac rhythm for authentication purposes.
But passwords aren’t going anywhere any time soon, Kennedy said, and the impact of the Heartbleed bug will be felt for a long time.
“Heartbleed is probably one of the largest security exposures that we’ve ever seen,” he said. “It’s a big deal and it’s not going away soon.”