Passe passwords

  • Associated Press
  • Tuesday, June 1, 2004 9:00pm
  • Business

To access her bank account online, Marie Jubran opens a Web browser and types in her Swedish national ID number along with a four-digit password.

For additional security, she then pulls out a card that has 50 scratch-off codes. Jubran uses the codes, one by one, each time she logs on or performs a transaction. Her bank, Nordea PLC, automatically sends a new card when she’s about to run out.

As more Web sites demand passwords, scammers are getting more clever about stealing them. Hence the need for such “passwords-plus” systems.

Scandinavia countries are among the leaders as many online businesses abandon static passwords in favor of so-called two-factor authentication.

“A password is a construct of the past that has run out of steam,” said Joseph Atick, chief executive of Identix Inc., a Minnesota designer of fingerprint-based authentication. “The human mind-set is not used to dealing with so many different passwords and so many different PINs.”

When a static password alone is required, security experts recommend that users combine letters and numbers and avoid easy-to-guess passwords such as “1234” or a nickname.

Stevan Hoffacker follows those rules but commits a different faux pas: He uses the same password everywhere, including access to multiple e-mail accounts, Amazon.com, The New York Times’ Web site and E-ZPass electronic toll statements.

In such cases, should hackers or scammers compromise one account, they potentially have one’s entire online life.

“This is one of these things that if I stop and think about it, it is not good, but I do my best not to stop and think about it,” said Hoffacker, an information technology manager in New York.

But it’s difficult to remember dozens of strong passwords – so many sites now require them. Alternatives include writing them down on a sticky note attached to a monitor or in an electronic spreadsheet – practices security experts also deem unsafe.

With two-factor authentication, having a password alone is useless.

“We will never play the fear factor here, but still it stays a fact that with our products, ‘phishing’ (cracking a password code) is no longer an issue,” said Jochem Binst of Vasco Data Security International Inc.

The Belgian company issues devices the size of pocket calculators or keychains. You type your regular password into the device for a second code that is based on the time and the unit’s unique characteristics. That’s the code you type into the Web site.

Someone who steals your device won’t have your password; someone who steals your password won’t have your device.

MasterCard International Inc. has been testing similar systems in Britain, Germany and Brazil. Swipe a credit card with a smart chip into a special reader, enter your PIN and obtain a password good only once at Office Max, British Airways and a dozen other merchants.

In Singapore, bank customers wishing to designate new accounts for fund transfers must likewise obtain a second password – through a phone call, e-mail or mobile text messaging.

Biometric systems are similar, except a fingerprint or iris scan replaces one or both passwords.

In the United States, use of two-factor authentication remains limited.

U.S. banks and e-commerce companies have focused, for now, on making sure passwords are strong. EBay, for instance, now rejects attempts to create passwords such as “eBay” or “password.”

Before two-factor authentication becomes commonplace, laptops must come standard with biometric readers, or manufacturers must bring down costs for password-generating devices.

Outfitting 1 million customers with such devices could cost $20 million, while Internet fraud for those customers amounts to “tens of thousands at most,” said Tony Chew, director of technology risk supervision at the Monetary Authority of Singapore. Singapore banks thus limit dynamic passwords to fund transfers, he said.

Associated Press

Marie Jubran of Stockholm refers to a code from a scratch-off card that she uses to get access to her bank account.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Business

A closing sign hangs above the entrance of the Big Lots at Evergreen and Madison on Monday, July 22, 2024, in Everett, Washington. (Ryan Berry / The Herald)
Big Lots announces it will shutter Everett and Lynnwood stores

The Marysville store will remain open for now. The retailer reported declining sales in the first quarter of the year.

George Montemor poses for a photo in front of his office in Lynnwood, Washington on Tuesday, July 30, 2024.  (Annie Barker / The Herald)
Despite high mortgage rates, Snohomish County home market still competitive

Snohomish County homes priced from $550K to $850K are pulling in multiple offers and selling quickly.

Henry M. Jackson High School’s robotic team, Jack in the Bot, shake hands at the 2024 Indiana Robotics Invitational.(Henry M. Jackson High School)
Mill Creek robotics team — Jack in the Bot — wins big

Henry M. Jackson High School students took first place at the Indiana Robotic Invitational for the second year in a row.

The computer science and robotics and artificial intelligence department faculty includes (left to right) faculty department head Allison Obourn; Dean Carey Schroyer; Ishaani Priyadarshini; ROBAI department head Sirine Maalej and Charlene Lugli. PHOTO: Arutyun Sargsyan / Edmonds College.
Edmonds College to offer 2 new four-year degree programs

The college is accepting applications for bachelor programs in computer science as well as robotics and artificial intelligence.

Everett Mayor Cassie Franklin, Advanced Manufacturing Skills Center executive director Larry Cluphf, Boeing Director of manufacturing and safety Cameron Myers, Edmonds College President Amit Singh, U.S. Rep. Rick Larsen, and Snohomish County Executive Dave Somers participate in a ribbon-cutting ceremony on Tuesday, July 2 celebrating the opening of a new fuselage training lab at Paine Field. Credit: Arutyun Sargsyan / Edmonds College
‘Magic happens’: Paine Field aerospace center dedicates new hands-on lab

Last month, Edmonds College officials cut the ribbon on a new training lab — a section of a 12-ton Boeing 767 tanker.

Gov. Jay Inslee presents CEO Fredrik Hellstrom with the Swedish flag during a grand opening ceremony for Sweden-based Echandia on Tuesday, July 30, 2024, in Marysville, Washington. (Ryan Berry / The Herald)
Swedish battery maker opens first U.S. facility in Marysville

Echandia’s marine battery systems power everything from tug boats to passenger and car ferries.

Helion Energy CEO and co-founder David Kirtley talks to Governor Jay Inslee about Trenta, Helion’s 6th fusion prototype, during a tour of their facility on Tuesday, July 9, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
State grants Everett-based Helion a fusion energy license

The permit allows Helion to use radioactive materials to operate the company’s fusion generator.

People walk past the new J.sweets storefront in Alderwood Mall on Thursday, July 25, 2024, in Lynnwood, Washington. (Olivia Vanni / The Herald)
New Japanese-style sweets shop to open in Lynnwood

J. Sweets, offering traditional Japanese and western style treats opens, could open by early August at the Alderwood mall.

Diane Symms, right, has been the owner and CEO of Lombardi's Italian Restaurants for more than three decades. Now in her 70s, she's slowly turning the reins over to her daughter, Kerri Lonergan-Dreke.Shot on Friday, Feb. 21, 2020 in Everett, Wash. (Andy Bronson / The Herald)
Lombardi’s Italian Restaurant in Mill Creek to close

Lombardi’s Restaurant Group sold the Mill Creek property currently occupied by the restaurant. The Everett and Bellingham locations remain open.

The Safeway store at 4128 Rucker Ave., on Wednesday, Nov. 29, 2023, in Everett, Washington. (Mike Henneke / The Herald)
Kroger and Albertsons plan to sell these 19 Snohomish County grocers

On Tuesday, the grocery chains released a list of stores included in a deal to avoid anti-competition concerns amid a planned merger.

Helion Energy CEO and co-founder David Kirtley talks to Governor Jay Inslee about Trenta, Helion's 6th fusion prototype, during a tour of their facility on Tuesday, July 9, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Inslee energized from visit to Everett fusion firms

Helion Energy and Zap Energy offered state officials a tour of their plants. Both are on a quest to generate carbon-free electricity from fusion.

Awards honor employers who promote workers with disabilities

Nominations are due July 31 for the awards from the Governor’s Committee on Disability Issues and Employment.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.