University City

UNCC discussion: If passwords die, what’s next in cybersecurity?

We use passwords every day. They unlock our information, the kind of personal data no one else is supposed to see.

Some of us have a one-size-fits-all password for everything from social media sites to online banking accounts. Others have so many passwords they need to write them all down to keep track.

But how effective are passwords today? Easily compromised by criminals, are they being hacked nearly to death?

And if so, how will the millions of computer users in the world be able to authenticate that they are who they say they are online, without passwords?

That’s one of the topics to be discussed at the 14th annual UNC Charlotte Cyber Security Symposium. It’s scheduled for Oct. 9 at the Cone University Center on the UNCC campus, and registration is full.

Sponsored by the College of Computing and Informatics, the daylong event brings in experts from around the nation to discuss the latest trends in cybercrimes and the latest efforts to stop them.

A decade ago, the only people really interested in cybercrime security were the leaders of corporations, who needed to protect their vast data centers from corruption. That’s not the case today.

Cybercrime has escalated since the advent of mobile devices, making everyone with a smartphone or tablet vulnerable to an attack.

According to data compiled by, an international website developer, every second 18 people become victims of cyberattacks. Every day, 600,000 Facebook accounts are hacked. Most attacks come in the form of malware, worms, Trojans and viruses.

“Criminals are very creative,” said Bill Chu, professor of software and information systems in the College of Computing and Informatics. “They’ll steal anything that they can steal – your contact information, credit card information – it can all be manipulated to their advantage.”

There’s more than one kind of hacker. They run the gamut, from bored teenagers breaking in for sport to international cybercriminals phishing for opportunities to commit large-scale fraud. Some estimates place the damage around $100 billion annually worldwide.

As a result, Chu said he expects to see more insurance companies begin to offer insurance against cybercrimes.

“We’re on the verge of major change in this area,” he said.

Attitudes on the best way to protect data have shifted since the university’s first symposium in 2001.

Back then, the best offense and defense was to build an impenetrable firewall. After years of trying, software experts have determined that’s impossible.

“It seems the community realizes that no matter how many firewalls, no matter how good your barriers are, you’re going to have people that can figure it out,” said Mary Lou Maher, chairwoman of the Software and Information Systems Department in the College of Computing and Informatics. “The new approach is to mitigate the damage. Isolate it and don’t let them get very far.”

Part of that process may mean swapping out the idea of the password one day with a newer technology.

“There’s a lot of research into moving away from an authentication password,” said Maher. “Researchers are trying to figure out what would we do if the password is dead.”