The Limited Times


Cursed password: stories of people who lost the most important keys of their lives

2023-03-02T17:29:27.848Z


They are the keys to access essential services in the virtual world, but there are too many and you have to change them frequently. Experts analyze whether biometric options can be a solution.


A score of letters and numbers took away the joy of Cristian, a computer engineer from Córdoba who prefers not to give his last name "because I suffer enough in solitude, I don't need anyone to talk to me about it."

A little over ten years ago, he received some bitcoins as part payment for the migration of some servers and kept them in his virtual wallet. For a long time he did not pay much attention to those savings, until a colleague reminded him of the payment and Cristian tried to find out how much money he had. But he couldn't: he had forgotten the username and password he had entered years before.


To make matters worse, the email account he used at that time no longer existed because the site and the server that hosted it had been deleted... He had no one to complain to and nothing to blame other than his own carelessness.

“I spent many sleepless nights with my mind set on the money that is stored there without my being able to use it. I think about everything that could help my family right now or how it could help me if I have an accident and can no longer work. I try to avoid news about bitcoin rising so I don't get bitter, but last year I overheard a conversation at a barbecue and I figured I lost between $120 and $150,000. Obviously, I fell back into a depression,” admits Cristian.

He is not the only one who has suffered a headache of this type because of the blessed passwords. The American software developer Stefan Thomas bought nearly seven thousand bitcoins in 2011. He stored them on a password-protected USB drive, but when he wanted to recover them, he discovered that he had forgotten the password. The system allows ten attempts to log in before locking the user out forever. He has already tried eight and decided to give up. At the time of writing this note, the trapped fortune exceeded 220 million dollars.

It is estimated that 20% of bitcoins are in wallets to which their owners do not have access due to forgetfulness.

Open Sesame

In this highly digitized world, passwords are the way we access not only our virtual wallets but also our bank accounts, ATMs, emails, social networks, work computers and a host of other essential services. This is not a new phenomenon: passwords have been around since time immemorial and have always been problematic.


In the legend of Ali Baba and the Forty Thieves, the protagonist inadvertently overhears the secret phrase used by a band of thieves to enter a cave where he finds a fabulous treasure, but from which he steals a single bag of coins so as not to arouse suspicion. When he tells the story to his brother, the brother decides to go to the cave to take much larger loot, but his greed gives him away and he is brutally murdered. Ali Baba manages to avenge his death and kills the thieves, becoming the sole holder of the key to the cave.

While for Cristian the password to access his fortune in bitcoins is a series of letters and numbers that he cannot remember, for the hero of One Thousand and One Nights it was simply saying “Open Sesame”. Whether it's a crypto wallet or a magic cave, it all depends on knowing the password.



In A history of c0ntr4s3ñ4s, a book that will arrive in Argentina in April through Ediciones Godot, English literature and technology professor Martin Paul Eve explains that using a password involves presenting a challenge and receiving a response. Whoever wants to confirm the identity of another person asks for the password, and the other party must provide previously shared and agreed knowledge to prove their identity. In essence, answering the challenge correctly involves verifying that a person knows a specific word or phrase. If it is believed that an individual and only that individual can know that key, then that knowledge is assumed to identify that person.


However, not only is it possible that we forget the right word, as happened to Cristian, but someone else could get it, as happened with Ali Baba.

“We can see a password as a key: there are doors that do not need keys, because it is not necessary to protect what is inside, as when we enter a web page or a square; but we do lock the door of our house or office. The same happens with our social networks or our bank account, for example. The platform needs to know that we are the ones who want to access it and not someone else. Passwords are that way of validating the identity of the user,” explained Martina López, Information Security researcher at ESET Latin America, to Viva.

Marcela Pallero, director of the ICT Security Program of the Sadosky Foundation, adds one more element to the metaphor: “In addition to the key, you have to take into account the lock. And even how the door and the whole house are built, because perhaps what we are taking care of is accessible by other means. Systems that use passwords depend, on the one hand, on the string of characters and, on the other, on the platform or system that validates and stores them. For example, the minimum number of characters they support and the types of characters, the number of times you can make a mistake before the system crashes and prevents further testing.”

“There are ways to guess that set of characters,” adds Pallero, “generally based on social engineering techniques, which are the ones used to obtain information from different sources such as social networks, public sources or classic hoaxes. Someone can pose as health personnel through a phone call and ask us how many vaccinations or what diseases we had and obtain confidential information, for example.”

Thus, these "keys" are very problematic and are becoming a growing headache for everyone: we can't seem to escape from them, they need to be more and more complex, they have to be renewed periodically and it is not a good idea to use the same key for all services. But the big question is: who can remember them all without making mistakes?

Damn password

Losing a password can also have strong sentimental consequences: Enzo, for example, is a 42-year-old from Buenos Aires who had digitized photos of his childhood and youth to save them in a Yahoo! mailbox. When his father passed away during the pandemic, he wanted to look at those photos again and discovered that it had been almost a decade since he had entered that mailbox and that he could not remember the password.

“There are photos there that I don't know if I'll get back and the system only lets me make three attempts before blocking me for 24 hours. I already tried the combinations that seemed reasonable to me but none of them work. I even called my ex-girlfriend to see if she remembered what password she was using back then… Of course she had no idea,” he revealed.

In any case, he does not lose hope: he thinks that he must have written the key in a notebook or in a book and he hopes to find it some day. He just has to trust that by then his account is still active and that Yahoo! keeps running.

“Basically, it is the same problem we have today with telephone numbers: I perfectly remember the number of my house where I lived with my parents, but I don't know my wife's cell phone by heart. So, how can we be expected to remember dozens of passwords by heart? This leads us to think of formulas that are easy to memorize, such as the street where we live or the date of birth of our children, which makes it easier for a third party to guess it,” says Santiago Cavanna, Chief Information Security Officer of Microsoft Argentina.

“To add insult to injury,” adds this specialist, “over the years libraries of passwords obtained after leaks or cyberattacks have accumulated. So today you can buy millions of real passwords, created with mnemonic rules, and create a program that tests them one by one. This is known as a brute force attack and they are becoming more frequent.”

The problems of the solutions

Microsoft embarked, long ago, on a plan to eliminate traditional passwords made up of letters, numbers and symbols. Thanks to the Microsoft Authenticator and Windows Hello applications, each time a user wants to enter an account, a security key or verification code is sent to a phone or email, which can be used to log in to the different applications; alternatively, the user can log in with facial recognition, a fingerprint or a PIN.

However, the increasing use of information from our body to validate our identity (including iris recognition) raises alarms among specialists and activists.



For Pallero, this is very sensitive data with a destination that is not clear: "Our biometric data is very valuable in various fields and can easily be turned into merchandise or part of campaigns that impact our health, freedom of expression or political targeting”.

The Sadosky Foundation specialist assures that “biometric information is too sensitive to be simply used for authentication when there are other methods. We live in a moment in which the transversality of technology in society is total, but we continue to think of very rigid, compartmentalized structures”.

Tobías Schleider, a philosopher, lawyer and security consultant, notes ironically: “The idea of using biometric data to access our devices, mainly cell phones and laptops, seems like a good one because it is practical and comfortable, but thanks to frozen pizza, plastic sandals and some summer novels we know that comfort is not always the best option or the safest”. In his view, in addition to storage and usage problems, these procedures are expensive and far from perfect.

“False positives are quite frequent in these applications, as well as false negatives, which would grant access to someone who is not the right person to enter,” warns Pallero. “Our external body is naturally more accessible than our memory and our fingerprint could well be used on us unconsciously, or our face without our consent. Also, we have no control over where our data goes and what it is used for.”

And if we retire them?

For Cristian Borghello, a specialist in Education and Information Security, traditional passwords were conceived decades ago, when they were used by fewer people and on fewer devices. For him it would not be a bad idea to retire them, but the problem is that the available alternatives also have their own problems, starting with the fact that it is difficult for human beings to change their habits.

“Using a password manager that uses only a master key brings me forgetfulness or strength problems,” he explains. “If I write it down in a notebook, a piece of paper or an Excel spreadsheet, it automatically becomes vulnerable. If one day I lose that password, I'm literally out of everything. And if someone breaks into the cloud where they are stored, they can access all my information. And although in a realistic security model, biometrics is stronger than passwords, if they steal our fingerprint or manage to replicate our face, we are in trouble because... our face cannot be replaced by another! And criminals are always one step ahead.”

But it is not necessary to imagine a dystopian scenario where we lose our face. At the end of last year, Julio, the owner of a clothing and accessories brand for dissidents with premises in the mythical Bond Street Gallery, decided to modify his face and tattooed his eyeballs black, a type of operation that is increasingly frequent. When he wanted to access the money from his venture through the Mercado Pago platform app, he discovered that it did not recognize his face.

He tried multiple ways (with glasses, without them, with a different light, even sticking on some drawings of his eyes made on paper), but without success. He had to request help from the company, which told him that he could no longer use this type of authentication because the system no longer recognized his face. Since then he has been left out of one of the fashionable authentication methods.

There is also a whole criminal business around passwords. In his book Engaños digitales, víctimas reales, journalist Sebastián Davidovsky tells the story of an Argentine accounting firm that was robbed of, among other things, the access passwords to its email servers and the tax code for the AFIP portal. Thus, they modified the social security charges of the employees and sent emails to clients and colleagues with false information.

Consulted by Viva, Davidovsky believes that awareness of the importance of taking an interest in security on digital platforms has grown in recent times: “It seems to me that it is a phenomenon closely related to experience, either one's own or that of acquaintances. Computer crimes are on the rise and with them the need to know more and take better care of oneself has grown”.

“We are never going to have total security in the digital realm for two reasons: no system is completely secure and we as users will always be vulnerable to deception to obtain that information. I think that just as we learned that we must have different security measures on the street than in our homes, such as not putting the cell phone in a highly visible place or walking with an open backpack, we will end up doing the same in digital environments," Davidovsky pointed out.

In the end, things didn't change so much between Ali Baba's mischief and Cristian's insomnia. In the words of Cristian Borghello: "I dream of the death of passwords, but I don't see it as something that is going to happen soon."


Source: clarin
