Twitter recently confessed on its blog that it had been keeping its users’ stored passwords “unmasked in an internal log”. This simply means that the users’ passwords were visible and easily readable. Twitter cyber security specialists identified and solved the problem themselves and afterwards asked millions of users to change their passwords. They did not, however, specify the number of accounts that were put at risk; news company Reuters says that more than 330 million users received messages asking them to change passwords. Although the company gives assurances that none of the accounts were breached, and that no breach was even attempted, this incident shows a massive lack of control over data security in the company, damaging its reputation.
Previously, Twitter suffered from a significant data breach where more than 32 million profiles could be purchased on the dark net. Following that experience, Twitter sent notifications to its users asking them to update their passwords so that they were strong and not similar to ones used for other websites.
What is wrong with passwords today?
People have to use passwords everywhere: bank accounts, social networks, music subscriptions, online retailers. Passwords are needed at least once a day and can be a nightmare to remember. Many people keep dozens of passwords in their heads; others write them down; some even keep them on stickers attached to their laptops!
Different people use different algorithms for creating passwords. The majority of people use “password”, “123456”, and “qwerty” as at least one of their passwords. Others follow more secure rules, trying to create complicated passwords involving uppercase letters, numbers and punctuation marks that can still be easily remembered. When their accounts become compromised, when they forget their passwords, or when they lose the piece of paper where they used to keep them, users start to struggle and have to reset them. Users then attempt to create a new algorithm or add a new letter or number to the existing password just to make the new password as memorable as the old one was. In addition, they also need to create new passwords for new services and websites and then recover and reset passwords for these accounts. For modern internet users, it may quickly become a vicious circle of creating and then resetting passwords as new services arrive every day.
Some cyber security professionals develop and recommend password managers, which keep all of a user’s passwords in one system, generate complex passwords and automatically enter them on the websites the user visits. However, other professionals say that password managers compromise users even more, because they can be hacked, and if they are hacked, fraudsters receive the passwords to all websites that people connect to these managers.
PixelPin exists to win the competition against passwords with its picture authentication solution. Users no longer need to suffer from a headache when remembering and reproducing passwords; with PixelPin, users can set up any picture as their password and use four points of interest on this picture as their passpoints.