I’ll bet you a year’s wages that although you’ve probably never heard of Victor Lustig, you’ll have heard of the object he once sold. In 1925 this Czech conman managed to sell the Eiffel Tower to a scrap metal dealer. As ridiculous as it sounds, you could almost say he deserved his success. He put in a lot of groundwork, which included printing up fake government documents, convening a meeting of interested scrap metal merchants in an elite Parisian hotel, spinning them an outlandish story about a top secret government plan to demolish the (then) dilapidated, unpopular, tax-draining eyesore, and actually driving them down to see the sale item in a luxurious limousine to make his pitch and answer questions in the open air.

Thing is, if he’d been alive today, he’d probably have been able to sell the Eiffel Tower, the Pyramids of Giza, the Sydney Opera House and the bones of Skippy the Bush Kangaroo without even having to leave his bedroom. He’d have thrived in the hacker-rich online environment being fueled by poor password security. It seems you can’t turn on a TV or open a newspaper without reading about somebody, somewhere becoming the latest victim. After recently discussing Apple Pay and how their revolutionary security features are allaying consumers’ expected security fears, we wanted to look at what’s been done about the pain in the ass that is passwords.

Part 1: Where we are
One password to rule them all

In 2004, Bill Gates predicted the demise of passwords, highlighting that “they just don’t meet the challenge for anything you really want to secure.” Seven years later, IBM said that “within five years, you will never need a password again.” Unfortunately, the need for passwords seems to have just increased, to the point where over three quarters (77%) of Australians have more than three online passwords. However, nearly two thirds (60%) of us use the same password across more than one of our accounts. This means we are recycling our passwords, and this is where the hackers are absolutely thriving! While Google and Facebook plough millions into data security each year, how much effort do you really think Little Mary’s Bakery Recipes are putting into theirs? Hackers are exploiting poor or non-existent security in smaller sites and stealing all the emails and passwords they can. They can then try these passwords across a number of your different, more important sites (no offence Little Mary) and wait until they find one of the 60% of people that use the same one across multiple sites. If you absolutely must have the same password for sites, consider having at least a different one for more important sites – you don’t want a site you use your credit card on once to have the same password as a site you use your credit card on every single day.

Default passwords

Over the last few years in the United Kingdom, Rupert Murdoch has been through the wringer because of the illegal practices in one of his flagship newspapers. So bad was the fallout that the News of the World folded, with many hundreds of uninvolved employees losing their jobs. Numerous celebrities, politicians and members of the public had their phones ‘hacked’ and private material was revealed to the journalists doing it. But ‘hacking’ is actually too strong a word. While many of the practices were indeed technologically complex, an awful lot of information was gained because people bought new phones and never reset the default 0-0-0-0 password on their answering machines! Careers ruined, relationships ended and even murders obstructed over such a simple security oversight. So if you do buy a new piece of technology like a phone, modem or internet package, make sure you change the default password on day one.

Shared Secrets

Last year a scandal swept through Hollywood that saw hundreds of young women have extremely intimate photos of them made public to the world. Although unconfirmed, it is widely accepted that the majority of these images were stolen using one of the simplest and stupidest forms of ‘hacking’ – shared secrets. This rather lazy ‘solution’ to password protection came out over a decade ago, when someone decided a layer of questioning would be strong enough protection if someone forgot their password. Were these intimate questions only you would know? Were they tests of skill no one else could accomplish? No! They were moronic questions, the answers to which are widely available on social media, through requests to government agencies or by just knowing a person slightly better than you would a total stranger. It’s mind-blowing to think that many businesses still ask things like ‘Mother’s maiden name’, ‘date of birth’, and ‘pet’s name’ as a legitimate security step before releasing a new password. If you are asked this information, don’t be afraid to lie and make up your mother’s maiden name and your first pet – the requester won’t know the difference.

If you really want to keep your internet marketing business safe, it is important that you make your passwords more lengthy, complex and unpredictable. You should also consider these 3 important and recommended ways to help prevent your marketing accounts from getting hacked:

  1. Using mobile verification or 2-step verification
  2. Using third party enterprise apps
  3. Using a password manager

Part 2: Where we’re going
Speech Activated Passwords

Believe it or not, the shape of a person’s vocal cavities and even the way they move their mouth means that speech can actually be more unique than a fingerprint. Big banks are already using glorified lie detectors over phones to combat fraud and The Associated Press reported that US government departments are using it for tax and pension issues dealt with over the phone. It is yet to break into the consumer market but it is one of the options being looked at.

Heartbeat Passwords

Like vocal cavities, cardiac rhythms are unique to each person. Canadian firm Bionym has prototyped a bracelet that they hope will allow Halifax bank customers to prove their identities online using their heartbeat instead of a password. Users place their finger on the band, creating a circuit that can be used to check their ‘cardiac signature’ against a stored one.

Military ‘Next Generation’ Passwords

The US military is developing a new system to replace passwords for web users. The biometric application programme interface (API) is based on the emerging field of behavioral-based biometrics. Basically, complicated algorithms are used to confirm a user’s identity by actually recognising the way they use desktop or mobile devices. From the rhythm of how you type to how you move a mouse or cursor, ‘cognitive fingerprints’ are expected to be even more fool-proof than the physical characteristics such as palms, face, DNA or iris recognition currently used in high-level military security.