Companies, developers need to do more to increase password security
Google urged users this week to take more care in creating passwords. In a post on the Google Blog, Google Software Engineer Diana Smetters offered some guidelines, including using a different password for each online account, keeping them in a safe place, creating a recovery option and making them hard to guess. Smetters suggests using a mix of letters and numbers and avoiding basing passwords on common phrases.
Though industry experts generally applauded Google’s efforts to increase consumer awareness, most agreed the company could do more. Seth Rosenblatt reports at CNET that industry experts Alex Salazar and Mary Landesman feel Google should be pressuring developers and companies to improve their security practices.
Landesman noted, for instance, that using spaces in passwords makes them stronger, but most sites don’t let you do that. Salazar outlined three steps Google could take to make the web safer for consumers: pressure companies to require consumers to choose passwords that are easy to remember but hard to break; be a stronger advocate for two-factor authentication; and publish guidelines for developers, while doing a better job of stressing the importance of protecting your customers. Landesman pointed out that blame for password breaches is often misplaced on users. “[Password security] is tilted against the user,” she said.
Salazar and Landesman make a valid point. Dan Goodin reports this week on the ease of hacking passwords in a post at Ars Technica. He recounts the exercise Ars deputy editor Nate Anderson undertook in March to crack a list of more than 16,000 cryptographically hashed passcodes; with no password cracking training whatsoever, he was able to decipher nearly half of them. Since then, Ars has given the list to cracking experts to see how the passwords fared.
“The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function,” Goodin noted, which is the way most websites store passwords. Their top cracker was able to decipher 90% of passwords on the list, and even their weakest cracker — “who used the least amount of hardware, devoted only one hour, used a tiny word list, and conducted an interview throughout the process” — deciphered 62% of the passwords. You can read the full account of the exercise, including methods and tools used by the cracker team, at Ars Technica.
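The storage problem behind those numbers, and the spaces-in-passwords point Landesman raises, shown side by side as an added example that is not from Google, Ars Technica or the original post. The account names, passwords, PBKDF2-HMAC-SHA256 and the iteration count are this example's assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (made up for this example). Two users share a
# passphrase that contains spaces, which the storage code accepts as-is.
ACCOUNTS = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",
    "carol": "Tr0ub4dor&3",
}
ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def md5_store(password: str) -> str:
    """Weak scheme: one unsalted, fast MD5 pass, as in the list described above."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def kdf_store(password: str) -> tuple[bytes, bytes]:
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def kdf_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def users_sharing_a_stored_value(table: dict) -> list[list[str]]:
    """Groups of users whose stored values are byte-for-byte identical."""
    groups: dict = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables() -> tuple[dict, dict]:
    """Store every sample account under both schemes."""
    md5_table = {u: md5_store(p) for u, p in ACCOUNTS.items()}
    kdf_table = {u: kdf_store(p) for u, p in ACCOUNTS.items()}
    return md5_table, kdf_table

if __name__ == "__main__":
    md5_table, kdf_table = build_tables()
    print("identical MD5 values:", users_sharing_a_stored_value(md5_table))
    print("identical KDF values:", users_sharing_a_stored_value(kdf_table))
    salt, digest = kdf_table["alice"]
    print("alice verifies:", kdf_verify(ACCOUNTS["alice"], salt, digest))
```

With unsalted MD5, one leaked table reveals which accounts share a password and every guess is tested against all rows at once; the per-user salt and slow derivation remove both properties.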
As sensors become more prolific, a new breed of tiny computers is emerging
Wired’s Bryan Gardiner put together an interactive story this week looking at the various kinds of sensors, what they track, and how the data is used to benefit humans in various ways. Readers can hover over the arrows placed in the images to reveal a detail shot of the sensor being highlighted, along with information about the type of sensor employed, the data it gathers, and how it’s used. One example shows how sensors are being used to aid us in our everyday activities: sensors placed behind athletes’ ears can help detect concussions.
His presentation also includes the worldwide sensor network Deep-Ocean Assessment and Reporting of Tsunamis (DART) Buoy Array and a network of magnetometer sensors in San Francisco helping drivers find parking spaces. You can see his full story at Wired.
And as sensors need to go more and more places to gather important data — even inside the human body — the computers and processors are going to need to shrink quite a bit in size. Tom Simonite at MIT Technology Review reports this week on a new computer chip, the KL02 chip, being developed by Freescale. “The genesis of the chip,” Simonite writes, “was a customer asking for help creating a wireless device small enough to be easily swallowed and cheap enough to be considered ‘digestible.’” According to its specs, the chip measures 1.9 mm by 2.0 mm and contains, Simonite notes, “memory, RAM, a processor, and more.” You can read Simonite’s full report, including how Freescale is overcoming packaging issues involved in bringing sensors and other components together in such a small space, at MIT Technology Review.
Calling out the big data skeptics
GigaOm’s Derrick Harris called out the big data skeptics this week. Highlighting several noted skeptics from Mike Loukides to Nassim Taleb to Gartner’s Hype Cycle dropping big data into the “Trough of Disillusionment,” Harris declared, “I call B.S. on all of it.”
Harris points out that the benefits of big data are directly related to the expectations going in, that critics declaring that big data isn’t what it’s cracked up to be are setting up a strawman “because no one should think it’s magic to begin with.” He addresses the issues of correlation versus causation, biases of web-derived data, focusing on insights to the exclusion of other big data benefits such as automation, and the importance of approaching big data solutions with a plan and managing — even setting — expectations. “Big data will never equal perfect data, but it can definitely point us in the right direction,” Harris writes. “I suggest not throwing the baby away with the bathwater.” You can read his full piece at GigaOm.