cyber security and humans

Isn’t it easier to have one password for every account you have online? It saves you from filling your room with sticky notes for every new account you make. But this means that when the security of one of these websites is compromised, every account you have is at risk of getting hacked. Even then, people choose not to change their password, because they believe it’s unlikely anything will compromise their security. However, just about anyone can be the victim of an online attack. Many people also keep their passwords on the simpler side so they are easier to remember. Nobody can remember a string of letters, numbers, and symbols. But a loved one’s birthday or the name of your favorite movie is much simpler to remember. These passwords are the easiest to crack, given the rise of guessing algorithms powered by faster and faster computers.

If people aren’t practicing online safety guidelines while surfing the web, then the industry will have to take responsibility. This is a huge burden on many companies because no wall is without cracks. Increasingly, it has been shown that even the tech giant Apple can’t prevent exploits such as the Jailbreak in their phones. Every time they patch the way in, hackers/developers find a new way in. The future of security will be no different from the cat-and-mouse game that is already happening today. Constantly, we find unintended ways in and developers have to patch them. The job of a programmer, like myself, is to laboriously find and patch bugs, especially those with security risks, but no individual, group, or corporation will make a program 100% exploit-free.

With both human behavior and developers being fallible, what solution is there in sight? We have made great leaps to avoid the need to rely on just a string of letters to gain access. Google was one of the pioneers of two-factor authentication. This technology alone allowed people to know just who is trying to get access to their accounts by requiring one’s phone to alert the user and allow access. Other forms of passcode, such as FaceID and TouchID, also increased security along with convenience. One’s own face is hard to replicate to a camera that measures depth, which means that unless hackers use 3D printers, we’re safer using it. It is also faster than typing out a password, for convenience’s sake. More innovations that require active participation from the user are the future.

But how much safer can we get than 3D modeling our face? Are we comfortable with taking a blood sample every time we need to unlock our phone? Ignoring the logistics of taking blood samples every few minutes and its toll on the body, this question shows how authentication is a struggle between security and trust. Even FaceID struggles with this dilemma. We probably wouldn’t trust our phone to collect blood samples, and we barely trust that our phones aren’t uploading our face to a database that Apple sells access to.

Yet we take that risk. Because the effects of having your identity stolen online are much more tangible than the effects of companies collecting more and more information on us. We fear what we can see, but what we can’t see only lurks in the shadows of the unconscious.

Unlock my iPhone, Siri.

I’m afraid I can’t do that, user…


…your face is too far from the camera.

Luis Soto

About the Author

Luis Soto is a part of Northeastern University’s 122nd entering class, where he studies Computer Science and Computer Engineering. Luis hopes to one day own a company that finds applications for machine learning algorithms.