Have you changed your passwords since the security flaw known as Heartbleed emerged? Have you made sure they’re all long, alphanumeric and randomized? Did you use a unique one for every site — every bank account, every e-mail address, every music-streaming service, every social media profile and so on?
Congratulations! Your information still isn’t safe. That’s because passwords, by themselves, can’t make it safe.
Every company is vulnerable to digital intrusions. By one estimate, 97 percent of Fortune 500 companies have been hacked. And stolen passwords, according to a report last year from Verizon Communications Inc., are usually the way in.
True, people tend to use dopey passwords (the most popular password of 2013 was “123456”). But hackers can now overcome even “strong” passwords: They can use powerful algorithms to break down probable combinations, install malware on your computer to log keystrokes, lure the unsophisticated to fake login sites, exploit account-reset mechanisms, and on and on. Even the strongest password in the world would have been vulnerable to Heartbleed, which enabled hackers to siphon data — including user names and passwords — from sites that used a common security protocol.
Is there a better approach? The short and sad answer is no. The slightly less short and sad answer is not yet.
Although security technology is growing more sophisticated, it’s still flawed. Two-step verification — in which a site sends, say, a text message with a code to enter before allowing users to access their account — is an improvement. But it’s also vulnerable to hacking. Password managers, which allow users to store tons of complicated passwords in an encrypted file, also could help. But they, too, have their vulnerabilities.
Then there’s a growing assortment of biometric devices: iris scanners, fingerprint detectors, palm-print readers, heartwave sensors and more. Motorola has even toyed with the idea of an ingestible pill that would send out electrical signals to identify you.