This translated article was originally published by iGuRu.gr in 2012, immediately after Mat Honan published the original, but at some point it was lost from our database due to the "removals". Today it returns, as we consider it timeless.
Kill the Password: This summer (summer 2012), hackers hacked Mat Honan's accounts, effectively invading his life.
You have a secret that can ruin your life.
It's not a well-kept secret. It's just a string of characters — maybe six if you are careless and 16 if you are careful — that can reveal everything about you.
Your email. Your bank account. Your address and your credit card number. Photos of your children or, worse, of yourself, naked. The exact location where you are sitting now, as you read these words.
Since the beginning of the information age, we have assumed that a password, as long as it is complex enough, is a sufficient means of protecting our most valuable data.
But in 2012, this is a delusion, a fantasy, an outdated cliché. And whoever mentions it is a sucker, or someone who thinks you are a sucker.
No matter how complicated, no matter how unique your password is, one thing is for sure: it can no longer protect you.
Look around you.
Leaks and dumps, with hackers invading computer systems and releasing names and millions of passwords.
The way we link our accounts, with one email address, or with a single username, creates a single point of failure that can be exploited with disastrous results.
Thanks to an explosion of personal data stored in the cloud, tricking customer service into resetting passwords has never been easier. All a hacker needs to do is use the personal information that is freely available from one service to gain access to another.
This summer, hackers ruined my entire digital life in one hour.
My Apple, Twitter and Gmail passwords were all strong, with 7, 10, and 19 characters, respectively. All were alphanumeric, with symbols as well, but all three accounts were linked.
So when the hackers found their way into one, they had access to all the others. What they really wanted was just my Twitter name: @mat.
As a name with only three letters, it is considered rare. And to keep me from getting it back, they used my Apple account. From there they managed to wipe out each of my devices, my iPhone and iPad and MacBook, deleting all my messages and documents and every image I had since my daughter was 18 months old.
From that awful day, I devoted myself to researching the online world and security.
And what I discovered is truly frightening. Our digital life is just too easy to break. Imagine that I want to get into your e-mail. Let's say you have an email account at AOL. All I have to do is visit the website and give your name and maybe the city where you were born. That information is easy to find in the age of Google. With that alone, AOL gives me a password reset, and I can log in to your account.
What is the first thing I do once I have access?
Search for the word "bank" to find out where you do your online banking. I go there and click on the link "Forgot your password?" I get the password reset and log in to your account, which I can check.
The common weakness in these hacks is the password. It has been with us since the days when our computers were not hyper-connected. The password has expired! We just haven't realized it yet.
Passwords are as old as civilization. And for as long as they have existed, people have been breaking them.
In 413 BC, during the Peloponnesian War, the Athenian general Demosthenes arrived in Sicily with 5,000 soldiers to help in the attack against Syracuse. Things seemed favorable for the Greeks. The Syracusans, Sparta's main allies, were certain to be defeated.
But during a chaotic night battle at Epipolae, Demosthenes' forces were scattered. They tried to regroup by shouting their watchword, a pre-arranged word or phrase that identified soldiers as friendly.
The Syracusans, using the watchword, passed quietly through their ranks. The watchword allowed opponents to pass as allies. Using this trick, the Syracusans decimated the invaders, and when the sun rose, their cavalry cleared the rest.
The first computers to use passwords were probably those running MIT's Compatible Time-Sharing System (CTSS), developed in 1961 to limit the amount of time a user could spend on the system. CTSS used a username to access the system.
In 1962, a doctoral student named Allan Scherr, within four hours, defeated the login protection with a simple hack: he found where the file containing the access names was and printed it out. He could then have as much time as he wanted on the system, since he could switch names when his connection expired.
In the years that followed, as the web developed, passwords worked quite well.
This was largely because there were few things that really needed protection: maybe an Internet service provider account, e-mail, and maybe some e-commerce website. Now things have changed.
Email addresses have been transformed into a kind of universal login, serving as our username almost everywhere.
Web-based e-mail is our portal to all cloud applications. We started banking in the cloud, monitoring our finances in the cloud, paying our taxes in the cloud. We have stashed our photos, our documents and our data, all in the cloud.
But as the number of hacker attacks has increased, we have come to believe in, and often cite, a strange psychological crutch: the notion of the "strong" password. Large or growing web sites want data and demand it from their users, to store it in their "secure" databases. It is the Hansaplast that was swept away in a river of blood.
Translated and published by: iGuRu.gr