By Technology Editor Ian Bush
PHILADELPHIA (CBS) - It’s the way we get into our phones, email, social networks, and just about everything else on the web, but there are big problems with passwords, and even newer alternatives aren’t immune from being compromised.
With dozens of sites to access, how do you keep your credentials straight?
“The problem is people are choosing really simple passwords because we have so many to keep track of,” says writer Rachel Swaby. “We end up using things we can remember, and those things that we can remember are also things that are easily hackable.”
You need only look to Zappos and LinkedIn for recent evidence of password attacks on popular sites.
Swaby, in an article published this month in The Atlantic, says touch screens have changed the game for smartphone logins.
“For instance, Android devices have an option to draw a pattern across a 3×3 grid, and that pattern can get you into your phone,” she explains. “Microsoft has come out with a picture password system: you pick a picture — your family, your cat — and then you connect some key points in that picture with your finger.”
But even the finger-drawn login for mobile devices can be “reverse smudge engineered”; yes, that’s a thing.
“Someone can see the pattern you draw across your phone if you do it often enough,” Swaby says.
Swaby says the Department of Defense is looking at the way people touch and swipe; your individual way of interacting with a computer or site – your clicking or typing rhythm, for example – could be turned into a kind of active authentication.
“Kind of like your bank does when you go to Europe and it recognizes that’s strange and it locks you out of your account,” Swaby says. “We all approach these things individually, so it would constantly be monitoring if you’re the one on your machine.”
Also in development: using tablet tech to capture finger speed, shape and distance as it spins a digital dial — biometrics that don’t involve scanning your fingerprint.