Despite countless warnings, surveys suggest that about 80 per cent of the passwords we use are virtually hopeless.
Despite countless warnings, surveys suggest that about 80 per cent of the passwords we use are virtually hopeless.

Better passwords the key to safer cybersecurity



Once the preserve of spies and their masters, cryptology – the science of keeping secrets – now affects us all.

Hardly a week goes by without news that one government has been spying on another, or that hackers have broken into a website and made off with client data.

Earlier this month the crowdfunding site Kickstarter became the latest high-profile victim of hacking. Customer information including usernames, email and postal addresses were stolen.

The company insists no credit card data was accessed, and that the security breach has been rectified. Even so, it has advised its five million-plus users to change their passwords “as a precaution”.

All of which prompts the question: why can’t these supposedly tech-savvy companies keep our secrets secret?

Bluntly, the fault largely lies not with them, but with us. Despite countless warnings, surveys suggest that about 80 per cent of the passwords we use are virtually hopeless.

Last month, online security company SplashData announced that “123456” now topped its annual Worst Password list – having beaten that long-standing champ “password” into second place.

It’s hardly a secret why such pathetic passwords are so common: most of us just can’t be bothered to devise and memorise individual, secure passwords for all the sites we access.

This highlights one of the enduring challenges of real-life cryptology: the compromise between security and convenience. And it’s one that a UAE-based cryptologist is trying to tackle. Dr Ziyad Al Salloum, of ZSS Research, Ras Al Khaimah, thinks the answer lies in pictures rather than words.

We all know we’re supposed to pick passwords made from long, complex character strings, such as 45Gh6%7hUklR9#3. With more permutations than there are particles in the universe, such a password is all but impossible to break.

But such passwords are also incredibly hard for humans to remember, and even cryptologists accept that for that reason they are never going to be widely used.

That’s led them to turn to a neat mathematical trick to make even “123456” a bit harder to break.

In school maths, we learn how to “undo” the operation of multiplication by using the reverse process of division. In the mid-1970s, cryptologists began investigating a means of keeping passwords secret using operations that are very hard to reverse.

They focused on so-called “hash functions” – ways of scrambling long strings of characters that can’t easily be reversed.

The idea was that companies would then store not the client passwords themselves, but only the scrambled versions.

Every time a user typed in a password, it would be scrambled according to the mathematical recipe and the outcome checked against the list of scrambled versions held by the company, which would have no idea what the original password actually is.

That solves the problem of both company insiders or outside hackers getting access to the original passwords – as the hashing process is very hard to undo.

Or at least, that was the theory. Like most clever ideas in cryptology, however, it quickly fell victim to the ingenuity of code-breakers. They found a neat trick for undermining the hashing process, called a dictionary attack.

This involves compiling a “dictionary” of the hashed version of likely passwords, and looking for these in the stolen records. As the same characters always produce the same hashed versions, the dictionary would then reveal the original password.

The cryptologists hit back by adding a long random number to every password before it gets hashed. Known as “salting”, this hides the connection between the password and the hashed version, preventing dictionary attacks.

This is the basic method used by many commercial companies – including Kickstarter – to keep client passwords safe.

Even with this extra security, clients using weak passwords are still much more vulnerable than others. That’s because hackers start with simple passwords, and then focus on removing the random number “salt” to see if they’re right.

So what can be done to get everyone to use better passwords? Making complex ones more memorable would be a start.

And that’s the approach being taken by Dr Al Salloum. He is developing a source of unguessable passwords based on the fact that we remember places far better than random character strings.

The idea is very simple: instead of picking passwords, we pick a place in the world that means something to us from an online atlas similar to Google Maps. Divided up into a grid of hundreds of billions of squares, this “password atlas” allows the location of our special place to be turned into a very long number-string. This can then be added to a long random number “salt”, and the combination converted via a hash function into a very secure password string. All we have to remember is the location – a building, say, or road junction – that we chose.

Describing his method in the current issue of the International Journal of Signal and Imaging Systems Engineering, Dr Al Salloum says it’s far more resistant to standard hacking techniques used to turn hash strings back into passwords.

Perhaps so, but it’s unclear whether it will stop people swapping their guessable passwords like “123456” for images of guessable locations like the Eiffel Tower or the Burj Khalifa.

And even if it does, you can be sure the hackers will find a way around it eventually. Cryptologists know they’re locked in a Darwinian war for supremacy that’s not going to stop any time soon.

In the meantime, there’s a trick anyone can use to create better passwords: use pass-phrases instead.

Think of a simple phrase – such as “Brad Pitt was born in Oklahoma in 1963” – and take the initials of each word, plus the number: “BPwbiOi1963”.

The result is not utterly unbreakable, but it’s easy to remember – and it’ll keep hackers out of your account for longer than it takes to type “123456”.

Robert Matthews is visiting reader in science at Aston University, Birmingham

Company%20Profile
%3Cp%3E%3Cstrong%3EName%3A%3C%2Fstrong%3E%20HyveGeo%3Cbr%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%202023%3Cbr%3E%3Cstrong%3EFounders%3A%3C%2Fstrong%3E%20Abdulaziz%20bin%20Redha%2C%20Dr%20Samsurin%20Welch%2C%20Eva%20Morales%20and%20Dr%20Harjit%20Singh%3Cbr%3E%3Cstrong%3EBased%3A%20%3C%2Fstrong%3ECambridge%20and%20Dubai%3Cbr%3E%3Cstrong%3ENumber%20of%20employees%3A%3C%2Fstrong%3E%208%3Cbr%3E%3Cstrong%3EIndustry%3A%20%3C%2Fstrong%3ESustainability%20%26amp%3B%20Environment%3Cbr%3E%3Cstrong%3EFunding%3A%20%3C%2Fstrong%3E%24200%2C000%20plus%20undisclosed%20grant%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3EVenture%20capital%20and%20government%3C%2Fp%3E%0A
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3ECompany%20name%3A%3C%2Fstrong%3E%20Revibe%20%0D%3Cbr%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%202022%0D%3Cbr%3E%3Cstrong%3EFounders%3A%3C%2Fstrong%3E%20Hamza%20Iraqui%20and%20Abdessamad%20Ben%20Zakour%20%0D%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20UAE%20%0D%3Cbr%3E%3Cstrong%3EIndustry%3A%3C%2Fstrong%3E%20Refurbished%20electronics%20%0D%3Cbr%3E%3Cstrong%3EFunds%20raised%20so%20far%3A%3C%2Fstrong%3E%20%2410m%20%0D%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3EFlat6Labs%2C%20Resonance%20and%20various%20others%0D%3C%2Fp%3E%0A
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3ECompany%20name%3A%3C%2Fstrong%3E%20Klipit%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%202022%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EFounders%3A%3C%2Fstrong%3E%20Venkat%20Reddy%2C%20Mohammed%20Al%20Bulooki%2C%20Bilal%20Merchant%2C%20Asif%20Ahmed%2C%20Ovais%20Merchant%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20Dubai%2C%20UAE%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EIndustry%3A%3C%2Fstrong%3E%20Digital%20receipts%2C%20finance%2C%20blockchain%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EFunding%3A%3C%2Fstrong%3E%20%244%20million%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EInvestors%3A%3C%2Fstrong%3E%20Privately%2Fself-funded%3C%2Fp%3E%0A
Company%20Profile
%3Cp%3E%3Cstrong%3ECompany%20name%3A%3C%2Fstrong%3E%20Hoopla%3Cbr%3E%3Cstrong%3EDate%20started%3A%20%3C%2Fstrong%3EMarch%202023%3Cbr%3E%3Cstrong%3EFounder%3A%3C%2Fstrong%3E%20Jacqueline%20Perrottet%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20Dubai%3Cbr%3E%3Cstrong%3ENumber%20of%20staff%3A%3C%2Fstrong%3E%2010%3Cbr%3E%3Cstrong%3EInvestment%20stage%3A%20%3C%2Fstrong%3EPre-seed%3Cbr%3E%3Cstrong%3EInvestment%20required%3A%3C%2Fstrong%3E%20%24500%2C000%3C%2Fp%3E%0A
How to protect yourself when air quality drops

Install an air filter in your home.

Close your windows and turn on the AC.

Shower or bath after being outside.

Wear a face mask.

Stay indoors when conditions are particularly poor.

If driving, turn your engine off when stationary.

Three ways to get a gratitude glow

By committing to at least one of these daily, you can bring more gratitude into your life, says Ong.

  • During your morning skincare routine, name five things you are thankful for about yourself.
  • As you finish your skincare routine, look yourself in the eye and speak an affirmation, such as: “I am grateful for every part of me, including my ability to take care of my skin.”
  • In the evening, take some deep breaths, notice how your skin feels, and listen for what your skin is grateful for.
ADCC AFC Women’s Champions League Group A fixtures

October 3: v Wuhan Jiangda Women’s FC
October 6: v Hyundai Steel Red Angels Women’s FC
October 9: v Sabah FA

COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3EName%3A%20%3C%2Fstrong%3ESmartCrowd%0D%3Cbr%3E%3Cstrong%3EStarted%3A%20%3C%2Fstrong%3E2018%0D%3Cbr%3E%3Cstrong%3EFounder%3A%20%3C%2Fstrong%3ESiddiq%20Farid%20and%20Musfique%20Ahmed%0D%3Cbr%3E%3Cstrong%3EBased%3A%20%3C%2Fstrong%3EDubai%0D%3Cbr%3E%3Cstrong%3ESector%3A%20%3C%2Fstrong%3EFinTech%20%2F%20PropTech%0D%3Cbr%3E%3Cstrong%3EInitial%20investment%3A%20%3C%2Fstrong%3E%24650%2C000%0D%3Cbr%3E%3Cstrong%3ECurrent%20number%20of%20staff%3A%3C%2Fstrong%3E%2035%0D%3Cbr%3E%3Cstrong%3EInvestment%20stage%3A%20%3C%2Fstrong%3ESeries%20A%0D%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3EVarious%20institutional%20investors%20and%20notable%20angel%20investors%20(500%20MENA%2C%20Shurooq%2C%20Mada%2C%20Seedstar%2C%20Tricap)%3C%2Fp%3E%0A
Company%20profile
%3Cp%3E%3Cstrong%3ECompany%20name%3A%3C%2Fstrong%3E%20Fasset%0D%3Cbr%3E%3Cstrong%3EStarted%3A%20%3C%2Fstrong%3E2019%0D%3Cbr%3E%3Cstrong%3EFounders%3A%3C%2Fstrong%3E%20Mohammad%20Raafi%20Hossain%2C%20Daniel%20Ahmed%0D%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20Dubai%0D%3Cbr%3E%3Cstrong%3ESector%3A%20%3C%2Fstrong%3EFinTech%0D%3Cbr%3E%3Cstrong%3EInitial%20investment%3A%3C%2Fstrong%3E%20%242.45%20million%0D%3Cbr%3E%3Cstrong%3ECurrent%20number%20of%20staff%3A%3C%2Fstrong%3E%2086%0D%3Cbr%3E%3Cstrong%3EInvestment%20stage%3A%3C%2Fstrong%3E%20Pre-series%20B%0D%3Cbr%3E%3Cstrong%3EInvestors%3A%3C%2Fstrong%3E%20Investcorp%2C%20Liberty%20City%20Ventures%2C%20Fatima%20Gobi%20Ventures%2C%20Primal%20Capital%2C%20Wealthwell%20Ventures%2C%20FHS%20Capital%2C%20VN2%20Capital%2C%20local%20family%20offices%3C%2Fp%3E%0A
COMPANY%20PROFILE
%3Cp%3ECompany%20name%3A%20CarbonSifr%3Cbr%3EStarted%3A%202022%3Cbr%3EBased%3A%20Dubai%3Cbr%3EFounders%3A%20Onur%20Elgun%2C%20Mustafa%20Bosca%20and%20Muhammed%20Yildirim%3Cbr%3ESector%3A%20Climate%20tech%3Cbr%3EInvestment%20stage%3A%20%241%20million%20raised%20in%20seed%20funding%3Cbr%3E%3C%2Fp%3E%0A
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3ECompany%3A%3C%2Fstrong%3E%20Eco%20Way%3Cbr%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%20December%202023%3Cbr%3E%3Cstrong%3EFounder%3A%3C%2Fstrong%3E%20Ivan%20Kroshnyi%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20Dubai%2C%20UAE%3Cbr%3E%3Cstrong%3EIndustry%3A%3C%2Fstrong%3E%20Electric%20vehicles%3Cbr%3E%3Cstrong%3EInvestors%3A%3C%2Fstrong%3E%20Bootstrapped%20with%20undisclosed%20funding.%20Looking%20to%20raise%20funds%20from%20outside%3Cbr%3E%3C%2Fp%3E%0A
COMPANY PROFILE
Name: Airev
Started: September 2023
Founder: Muhammad Khalid
Based: Abu Dhabi
Sector: Generative AI
Initial investment: Undisclosed
Investment stage: Series A
Investors: Core42
Current number of staff: 47
 
Joker: Folie a Deux

Starring: Joaquin Phoenix, Lady Gaga, Brendan Gleeson

Director: Todd Phillips 

Rating: 2/5

RESULTS

Main card

Bantamweight 56.4kg: Mehdi Eljamari (MAR) beat Abrorbek Madiminbekov (UZB), Split points decision

Super heavyweight 94 kg: Adnan Mohammad (IRN) beat Mohammed Ajaraam (MAR), Split points decision

Lightweight 60kg:  Zakaria Eljamari (UAE) beat Faridoon Alik Zai (AFG), RSC round 3

Light heavyweight 81.4kg: Taha Marrouni (MAR) beat Mahmood Amin (EGY), Unanimous points decision

Light welterweight 64.5kg: Siyovush Gulmamadov (TJK) beat Nouredine Samir (UAE), Unanimous points decision

Light heavyweight 81.4kg:  Ilyass Habibali (UAE) beat Haroun Baka (ALG), KO second round

The%20specs
%3Cp%3E%3Cstrong%3EEngine%3A%3C%2Fstrong%3E%203.9-litre%20twin-turbo%20V8%3Cbr%3E%3Cstrong%3EPower%3A%20%3C%2Fstrong%3E620hp%20from%205%2C750-7%2C500rpm%3Cbr%3E%3Cstrong%3ETorque%3A%20%3C%2Fstrong%3E760Nm%20from%203%2C000-5%2C750rpm%3Cbr%3E%3Cstrong%3ETransmission%3A%20%3C%2Fstrong%3EEight-speed%20dual-clutch%20auto%3Cbr%3E%3Cstrong%3EOn%20sale%3A%20%3C%2Fstrong%3ENow%3Cbr%3E%3Cstrong%3EPrice%3A%20%3C%2Fstrong%3EFrom%20Dh1.05%20million%20(%24286%2C000)%3C%2Fp%3E%0A
Bridgerton%20season%20three%20-%20part%20one
%3Cp%3E%3Cstrong%3EDirectors%3A%20%3C%2Fstrong%3EVarious%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarring%3A%3C%2Fstrong%3E%20Nicola%20Coughlan%2C%20Luke%20Newton%2C%20Jonathan%20Bailey%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%20%3C%2Fstrong%3E3%2F5%3C%2Fp%3E%0A

The UAE Today

The latest news and analysis from the Emirates

      By signing up, I agree to The National's privacy policy
      The UAE Today