Passwords are dead

17 September 2013 - 08:54 By David Greenway
HANDLE ON SAFETY: The latest iPhone uses a fingerprint reader instead of a password

Modern Internet security is no longer just about protecting your credit card details or having a super-secret Internet banking password.

In fact, Google's manager of information security Heather Adkins said last week: "Passwords are dead."

Speaking on a TechCrunch Disrupt panel called "Spies Like Us," she said in the future, the "game is over for" any startup that relies on passwords as its chief method to secure users and their data, cnet.com reports.

A large number of today's more successful cyber criminals are plying their trade in the information game and, for them, having backdoor access to somebody's e-mail or social networking accounts is as much a gold mine as having a list of stolen or compromised credit cards.

Think about it. Apart from blackmail, there's a ton of scary stuff cyber criminals can do with unfettered access to your Facebook or Twitter account today.

Matt Honan, a senior writer for Wired's Gadget Lab, recently had his digital life destroyed. He wrote in Wired: "First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages.

"And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all the data on my iPhone, iPad and MacBook."

Before you rush out and buy every piece of software with the words "Internet Security" emblazoned on it though, you should know there are free security measures you can use.

The best part is, they're already built into the services - Gmail, Facebook, Twitter, LinkedIn and others you're already using.

What you're looking for is something called "two-factor authentication". While the name may sound complicated, the theory behind it is actually rather simple.

This kind of security relies on two layers of authentication - a password and something else, like a fingerprint, retinal scan or, far more conveniently, an SMS sent to your mobile. Yes, just like with Internet banking.

When you log into Facebook, it needs your e-mail address (which almost anyone can know) and your password (something only you should know).

Two-factor will require a third "password-like" piece of information, like a one-time PIN. The information required varies - all that counts is that it is something only you could know, or have the ability to know. For the moment, two-factor authentication is the best and easiest way of securing your online accounts, but the future could be very different.

Apple has just announced a new iPhone, the iPhone 5S. Its latest flagship mobile phone has a fingerprint reader nestled underneath a redesigned sapphire glass home button. The fingerprint replaces your password, which theoretically makes the whole experience a little more secure.

So, what do you do if there is no two-factor authentication option and you don't have the luxury of a built-in fingerprint sensor?

Password managers (see sidebar for some suggestions) will generate super long, secure and random passwords for all of your online services and store them in a secure vault, unlocked by one master password you create.

This means you'll never need to use the same password twice (mitigating the risk if one of those online services happens to be hacked). Just don't lose, forget or leak the master password.

One last thing. I'm not for a second suggesting that two-factor authentication is all you need.

Security has many layers (like an onion). The more layers, the more secure you (and your information) are likely to be.

So yes, use two-factor authentication. Just don't forget to explore other options (multiple layers, right?) like an antivirus or anti-spyware solution and, of course, common sense: exercise some scepticism when a foreign prince offers to deposit a couple of million dollars into your bank account.

Greenway works for the tech blog htxt.africa
