I’ve blogged often about the issues of identity, passwords, lack of security and the whole gamut of how mobile internet combined with social media changes everything. Now it’s hit the mainstream media when British Airways magazine has its main front page talking about cybercrime.
The first line gives away the rhythm of the article: “How do hackers crack a corporation? Their top tool is you.”
The article talks about everything from using a USB stick, which immediately creates an opportunity for hijacking, to the vulnerabilities of copying corporate work to your private gmail account. Scary stuff, and rightly so.
It also touches upon the commonest passwords used on the internet, which happened to sync up with a couple of other articles I was reading recently.
The first talked about the top passwords people use, with the number one password being ... ‘password’.
Wanna know the rest? Well here you go:
1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball
11. iloveyou
12. trustno1
13. 1234567
14. sunshine
15. master
16. 123123
17. welcome
18. shadow
19. ashley
20. football
21. jesus
22. michael
23. ninja
24. mustang
25. password1
The second talked about PIN numbers, and they’re pretty easy to crack too. Wanna know the #1 PIN? Yes, it’s ‘1234’.
If that doesn’t work, try anything from ‘0000’ to ‘9999’, and one of them will probably crack open the vault. For example, here’s the top 20:
1. 1234
2. 1111
3. 0000
4. 1212
5. 7777
6. 1004
7. 2000
8. 4444
9. 2222
10. 6969
11. 9999
12. 3333
13. 5555
14. 6666
15. 1122
16. 1313
17. 8888
18. 4321
19. 2001
20. 1010
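The defensive counterpart to both lists above is a deny-list screen at the point where a user chooses a password or PIN. The following is an added example written for this post, not code from the article or its author; the deny-lists are constructed from the rankings quoted above, the 12-character minimum is an assumed policy value, and the structural PIN rules (repeated digit, straight run, year-like value) generalise the patterns visible in the top 20.

```python
import re

# Constructed deny-lists seeded from the rankings quoted in the post.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey",
    "letmein", "dragon", "111111", "baseball", "iloveyou", "trustno1",
    "1234567", "sunshine", "master", "123123", "welcome", "shadow",
    "ashley", "football", "jesus", "michael", "ninja", "mustang", "password1",
}
COMMON_PINS = {
    "1234", "1111", "0000", "1212", "7777", "1004", "2000", "4444", "2222",
    "6969", "9999", "3333", "5555", "6666", "1122", "1313", "8888", "4321",
    "2001", "1010",
}


def normalise(pw: str) -> str:
    """Lower-case and strip a trailing run of digits so that 'Password1'
    or 'Monkey2012' is checked against its base word."""
    base = pw.strip().lower()
    stripped = re.sub(r"\d+$", "", base)
    return stripped if stripped else base  # all-digit input stays as-is


def is_weak_password(pw: str, min_len: int = 12) -> bool:
    """True when the candidate is shorter than the (assumed) policy minimum
    or matches the deny-list directly or after normalisation."""
    if len(pw) < min_len:
        return True
    return pw.lower() in COMMON_PASSWORDS or normalise(pw) in COMMON_PASSWORDS


def is_weak_pin(pin: str) -> bool:
    """Reject listed PINs plus the structural patterns behind them:
    one repeated digit, an ascending/descending run, or a year-like value."""
    if not (pin.isdigit() and len(pin) == 4):
        return True  # wrong shape is rejected too
    if pin in COMMON_PINS or len(set(pin)) == 1:  # top-20 list, 7777, 2222
        return True
    digits = [int(c) for c in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps == {1} or steps == {-1}:  # 2345, 6543 and similar runs
        return True
    if 1900 <= int(pin) <= 2030:  # birth and anniversary years
        return True
    return False
```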
So it’s pretty obvious that easy to remember numbers and words are the order of the day when cracking passwords and PINs.
In fact, company systems are also easy to crack, as illustrated by Paul Ducklin of Sophos who cracked open the Philips company databases this year by using the really difficult to find password: ‘Philips’.
Wow! Such high level security is unheard of and reminds me of my favourite story of Aaron Barr, the head of security at the leading US cybersecurity firm HBGary, who got pwned by @Anonymous by using the same username and password for his LinkedIn account and corporate Google account.
Aaron is now on everyone’s z-list, but that doesn’t cut it.
The bottom line is that in today’s world of mobile internet with 24*7 access, passwords are just so 20th century.
We should be using biometrics or something similar.
Personally, my favourite is DNA as it would allow me to spit on my bank and they would welcome me for doing so.
I’m not sure it’ll take off however, as the technology is not quite right yet.
Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News.