Skip to Content

Privacy & Data

Petition Against Passwords Draws Attention to the Insecurity of Current Password Systems

Never write down your passwords. Pick a different one for every service you use. Make sure you use capital and lowercase letters, and symbols, and numbers. We all know the rules, and some of us are even starting to use them, but the reality is that even these rules aren’t enough to protect as from serious data breaches. Just ask journalist Mat Honan.

Last year Honan was the victim of malicious hacking attack, with hackers accessing his Google, Apple and Twitter accounts, resulting in the loss of years of personal data. This experience convinced Honan that relying on one piece of data to protect our private information was unfeasible and unsustainable.

Clef, a San Francisco-based startup, recently launched Petition Against Passwords to encourage people to use alternatives to password security. Clef has developed its own smartphone-based system for security, and there are a number of solutions beyond this option offered by other companies such as biometric scanning, USB keys, and multifactor identity verification, as noted on the petition. But in order to encourage adoption of new authentication techniques, companies will have to invest in developing solutions that users will adopt and embrace, rather than create processes that are too onerous for the average consumer.

Passwords, while fairly simple for most users, are notoriously insecure, difficult to remember, and susceptible to data breach. Between keyloggers, simple guessing, brute force hacking, or conning of customer service departments, hackers have an array of options if they want to access your personal information or financial data. There is clearly a need for innovative security solutions like the one developed by Clef and others.

The risks of poor password protection are obvious and vast. As the petition site notes, companies as varied as LivingSocial, Evernote, Twitter, and Drupal have been the victim of hacking that exposed millions of users’ account and password information. In order to adequately protect individual privacy interests against the risk of data breach, companies will need to develop password alternatives that are more robust and more user-friendly.