Internet security: Kill or cure; Internet users whinge about passwords but are none too keen on the alternatives. Good news for crooks

Sep 7th 2013 | From the print edition

PASSWORDS are a pain. People forget them. Hackers pinch them—this year Twitter lost 250,000 and Evernote, an online notebook service, had to reset 50m after a breach. Many companies have been found to store passwords without “salting” them (adding extra data to flummox hackers) or even encrypting them at all. Firms are demanding harder ones: a minimum number of characters, plus numerals and upper- and lower-case letters. Busy and careless people skimp on security: the typical internet user, research suggests, uses just seven passwords to manage 25 online accounts. Even those tend to be easily cracked variations on a theme: “Bageh0t”, “Bageh1t”, “Bageh2t”, etc.

The search for alternatives is both urgent and potentially lucrative. Google, along with other behemoths like PayPal and hardware-makers such as Lenovo and LG, have forged the FIDO Alliance, to develop alternative authentication employing a panoply of gadgets. These include USB sticks, chips on fobs and other tokens. (Google is working on a ring.) Yet any hardware is vulnerable to being pinched or cracked. Bracelets, rings, smartphones and computers can all be lost or stolen. Consumers can freeze accounts linked to compromised accounts and devices, but sometimes a moment is all it takes for mischief-makers to do damage.

Some of the new ideas involve biometric data—in theory unique to each user. Apple may have a fingerprint reader in its latest iPhone, which is due to go on sale later this month. On September 3rd Bionym, a Canadian firm, launched Nymi, a bracelet which detects the wearer’s heartbeat. The technology relies on the uniqueness of an individual’s PQRST pattern: the five peaks and troughs that appear in an electrocardiogram (ECG). Its shape depends on things like the heart’s size, shape and position in the body. An elevated heartbeat means an ECG of a higher frequency, but does not affect PQRST itself. The Advanced Institute of Industrial Technology in Tokyo has developed a chair which detects—with 99% accuracy—the unique shape of a user’s bottom.

Such biometric data could be more secure. But handled wrongly, they could be far more damaging. These data can be cloned, as when someone’s fingerprints are “skimmed” from something he has touched and replicated (or “spoofed” in the jargon), for example by etching a print onto a jelly mould. Getting a new password is merely a hassle. What if thieves have the digital version of your retina, or chop off your finger?

One answer is to supplement passwords (and gadgets) with something else, such as a code texted to a phone, or generated by an app. But other companies eschew clever gizmos altogether, focusing instead on making passwords friendlier, for instance by tapping people’s visual memory rather than their verbal one. Many Samsung smartphones require a doodle, not a code. A British start-up called PixelPin asks users to select some objects, in a preset order, from an image they have uploaded. Barclays, a bank, sets multiple-choice questions which require detailed knowledge of the customers’ past life and times.

Yet instituting and using all these schemes take time and money. Joseph Bonneau, a security researcher at Google, has catalogued dozens of schemes designed to replace passwords over the past two decades. As yet, none has. Meanwhile, the cyber-criminals keep feasting.
