This translated article was originally published by iGuRu.gr in 2012, immediately after its publication by Mat Honan, but at some point it was lost from our database due to the "removals". Today it returns, as we consider it timeless.
Kill the Password: This summer (summer 2012), hackers broke into Mat Honan's accounts, effectively invading his life.
You have a secret that can ruin your life.
It's not a well-hidden secret. It's just a string of characters (maybe six if you're careless, 16 if you're careful) that can reveal everything about you.
Your email. Your bank account. Your address and your credit card number. Photos of your children or, even worse, of yourself, naked. The exact location where you are sitting right now, as you read these words.
Since the beginning of the information age, we have accepted that a password, as long as it is complex enough, is a sufficient means of protecting our most valuable data.
But in 2012*, this is a fallacy, a fantasy, an outdated cliché. And whoever still says it is a sucker, or someone who thinks you're a sucker.
No matter how complicated it is, no matter how unique your password is, one thing is certain: it can no longer protect you.
Look around you.
Leaks and dumps: hackers break into computer systems and release names and millions of passwords.
The way we link our accounts, with an email address or a single username, creates a single point of failure that can be exploited with disastrous results.
Thanks to the explosion of personal data stored in the cloud, tricking customer service into resetting passwords has never been easier. All a hacker needs to do is use personal information that is freely available from one service to gain access to another.
This summer, hackers destroyed my entire digital life in an hour.
My Apple, Twitter and Gmail passwords were all strong, with 7, 10 and 19 characters respectively. All of them were alphanumeric, with symbols as well, but all three accounts were linked.
So once the hackers found their way into one, they had their way into all the others. What they really wanted was just my name on Twitter: @mat.
As a three-letter name, it is considered rare. And to delay me from taking it back, they used my Apple account. Through it they managed to erase each of my devices, iPhone, iPad and MacBook, deleting all my messages and documents and every image I had since my daughter was 18 months old.
Since that dreadful day, I have dedicated myself to researching the online world and security.
And what I have discovered is utterly frightening. Our digital lives are just too easy to break into. Imagine that I want to get into your e-mail. Let's say you have an e-mail account at AOL. All I have to do is visit the website and give your name and maybe the city where you were born. That information is easy to find in the age of Google. With that alone, AOL gives me a password reset, and I can log in to your account.
What is the first thing I do when I get access?
I search for the word "bank" to find out where you do your online banking. I go there and click on the "Forgot your password?" link. I get the password reset and log in to your account, which I can check.
The common weakness in these hacks is the password. It's an artifact from a time when our computers were not interconnected online. The age of the password has expired! We just have not realized it yet.
Passwords are as old as civilization. And for as long as they have existed, people have been breaking them.
In 413 BC, during the Peloponnesian War, the Athenian general Demosthenes arrived in Sicily with 5,000 soldiers to help in the attack on Syracuse. Things seemed favorable to the Greeks. The Syracusans, Sparta's main allies, were bound to be defeated.
But during a chaotic night battle at Epipolae, Demosthenes' forces were scattered, and they tried to regroup by shouting their watchword, a prearranged word or phrase used to determine whether approaching soldiers were friendly.
The Syracusans, using the code, passed silently through their ranks. The watchword allowed opponents to pose as allies. Using this trick, the Syracusans decimated the invaders, and when the sun rose, their cavalry mopped up the rest.
The first computers to use passwords were probably those running MIT's Compatible Time-Sharing System (CTSS), developed in 1961, where they limited the time a user could spend on the system. CTSS used a username to give access to the system.
In 1962, a doctoral student named Allan Scherr, within four hours, defeated the login protection with a simple hack: he found the file containing the access names and printed it. He could then have as much time on the system as he wanted, since he could switch names when his session ended.
During the formative years of the web, passwords worked quite well.
This is largely because there were few things that really needed protection: perhaps the Internet service provider, e-mail and maybe some e-commerce site. Now things have changed.
E-mail addresses have been transformed into a kind of universal login, serving as our username almost everywhere.
Web-based e-mail is our gateway to all cloud applications. We have started banking from the cloud, monitoring our finances from the cloud, paying our taxes from the cloud. We have stashed our photos, our documents and our data all in the cloud.
But as the number of hacker attacks has increased, we have come to believe in, and often cite, a strange crutch: the concept of a "strong" password. Large or growing websites want the data, and ask their users to store it in their "secure" databases. It is a Hansaplast thrown into a river of blood.
* Originally published by Mat Honan at Wired, where he told his personal story.
Translated and published by: iGuRu.gr