I received an email from Apple last week, telling me that an attempt had been made to sign into my Apple iCloud account in China and if this was not me (which it wasn’t) I should consider changing my password.
I thought little of it at the time, but the more I see of these emails from service providers, the more I am beginning to think there is something fundamentally wrong with the whole ‘change your password’ process right across the industry.
Take the attempted security breach on my account as an example. The hacker probably used a brute force attempt to access my account as this is the simplest one to do and yields the most results.
However, they didn’t access my account, or the email from Apple would have said they had. What Apple noted was a series of consecutive attempts to access my account, all of which failed. Surely this points to the fact that I have chosen a particularly complex password, which a brute force attempt failed to penetrate. Surely this indicates that I should keep my password EXACTLY as it is. Why would I change it when it did what it was intended to do?
However, this raises a second question. How do I stop them from coming back and having another go?
You see, the thing I cannot change about my iCloud account (and almost every account I have) is the username. This is the immutable link between me and that account. In fact, in most cases it is the email linked to that account, so now the potential hacker knows two things about me: my username and the email address associated with the account in question.
So they can now keep coming back time and time again and try ever more sophisticated means to break into my account, knowing exactly where to find it, regardless of how many times I change my password. But there’s nothing wrong with my password; it’s the username that is the vulnerability. It is that which draws the hacker back, time and again, because they know it is a valid account.
What I should be able to do is to change my username. To alter the very identity of my account so that when the hacker returns, not only can he not break the password, he can’t even find my account in the first place.
The thief who keeps trying to break into my house may be confounded by a good lock, but if the next time he comes back the house is in a totally different location, then his chances of breaking into it are almost nil.
The thing is, I can’t see a reason why companies haven’t latched onto this. If they fear a potential hack, why not let me move my house? Clearly the locks stood up to the burglary attempt, but it is only a matter of time until the burglar brings along a master lock-picker.
Imagine if companies emailed the account holders and said, “Hey, we noticed an attempt to break into your account that failed. Well done you for using a secure and complex password, but it might be worth changing your username, so they can’t find your account easily and try again.”
The reason companies force you to choose a username for life is that our account data is stored in a relational database, and the easiest way to hold that information is against a primary key, ‘dave12345’ for example. But then this record has to remain the same so that all of the tables in the database remain linked together. It’s lazy programming, and what companies should be using is a ‘hidden’ primary key: a field that always remains the same to retain the structure of the data, but is not used as the username for log-in purposes.
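To show what the ‘hidden’ primary key looks like in practice, here is an added example (not from the post, and not any real provider’s schema) using SQLite: the login name lives in its own unique column, every other table links to a numeric surrogate key that never changes, and so renaming the username leaves the account’s history intact. The table and column names and the sample data are all made up for the illustration.

```python
import sqlite3

# Constructed schema: account_id is the hidden, immutable primary key;
# username is the login name and is free to change (but must stay unique).
SCHEMA = """
CREATE TABLE account (
    account_id INTEGER PRIMARY KEY,
    username   TEXT NOT NULL UNIQUE,
    email      TEXT NOT NULL UNIQUE
);
CREATE TABLE purchase (
    purchase_id INTEGER PRIMARY KEY,
    account_id  INTEGER NOT NULL REFERENCES account(account_id),
    item        TEXT NOT NULL
);
"""


def open_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with one account and two purchases."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # enforce the account_id link
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO account (username, email) VALUES (?, ?)",
                 ("dave12345", "dave@example.invalid"))  # constructed sample
    acct = conn.execute("SELECT account_id FROM account WHERE username = ?",
                        ("dave12345",)).fetchone()[0]
    conn.executemany("INSERT INTO purchase (account_id, item) VALUES (?, ?)",
                     [(acct, "album"), (acct, "app")])
    conn.commit()
    return conn


def rename_username(conn: sqlite3.Connection, old: str, new: str) -> None:
    """Change the login name. Linked rows are untouched: they point at account_id.
    A clash with an existing username raises sqlite3.IntegrityError (UNIQUE)."""
    cur = conn.execute("UPDATE account SET username = ? WHERE username = ?", (new, old))
    if cur.rowcount != 1:
        raise ValueError(f"no account with username {old!r}")
    conn.commit()


def purchases_for(conn: sqlite3.Connection, username: str) -> list[str]:
    """Look up history by the *current* username via the surrogate key join."""
    rows = conn.execute(
        "SELECT p.item FROM purchase p JOIN account a ON a.account_id = p.account_id "
        "WHERE a.username = ? ORDER BY p.purchase_id", (username,)).fetchall()
    return [item for (item,) in rows]


def account_exists(conn: sqlite3.Connection, username: str) -> bool:
    """Whether a login name currently resolves to an account."""
    return conn.execute("SELECT 1 FROM account WHERE username = ?",
                        (username,)).fetchone() is not None
```

After `rename_username(conn, "dave12345", "quiet-harbour-7")` the two purchases are still reachable under the new name, and the old name no longer resolves to any account.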
As cyber-crime increases, the public needs to be given more sophisticated ways of protecting themselves. The days of ‘change your password’ are over and some smart thinking about how to keep accounts secure has to be done.