Courtesy: Alamy

Could the humble password finally be obsolete?



Over the past couple of decades it has become abundantly clear that human beings can't be trusted to come up with decent passwords. We might combine the name of a childhood pet with a two-digit number and proudly use it across multiple services, imagining that it ranks alongside Fort Knox in terms of its security. But it doesn't. Bad passwords continue to be exploited by criminals, either by using computers to work their way through large databases of breached passwords, or simply by guessing them. Credentials, cash and personal identities are stolen and misused on a daily basis.

The password problem 

The battle against bad passwords has been waged in many ways over the years. Services ask us to change them, they force us to litter them with unusual symbols, and they send additional codes to our mobile phones to confirm our identities. But an industry consortium has now made a significant step towards a future in which passwords become obsolete. Recent versions of the Android mobile operating system – currently used by about one billion devices worldwide – are now certified to use a security system called FIDO2.

The result is that developers can allow access to websites and apps with a fingerprint or a USB security key. No longer will we have to think up strings of letters and numbers, remember them and type them out. FIDO2 may finally save us from our failing memories and lack of imagination.

The move can’t come soon enough. A report released at the end of last year by password management company SplashData revealed that, for the fifth consecutive year, the two most popular passwords online are still “123456” and “password”.

The difficulty of remembering multiple passwords causes us to reuse the same ones across several different services, and that's what makes breaches of password data so dangerous – by using a technique called "credential stuffing", criminals can force their way into a series of accounts. In the past few days, for example, accounts with smart home product manufacturer Nest were attacked in this way. But it's not their fault, it's ours.

Can FIDO2 save us?

The burning question is why, despite being told repeatedly that our passwords are terrible, have we been reluctant to change our ways? One reason is that we become emotionally attached to them, not least because they often (unsafely) incorporate the names of people or things we hold dear. Also, because we need so many, we make passwords easy to remember. Even computer experts do that. In 2016, researcher Elizabeth Stobert surveyed several experts and was surprised by their password habits. "It is telling that they have chosen to trade off security for usability in certain situations," she said. "The social and contextual pressures that affect everyone also affect computer security experts."

As our dependence on digital services grows, the password problem grows, too, but FIDO2 shifts the whole idea of authentication over to the device you're using. In other words, instead of your device sending a password to a service for checking, FIDO2 merely asks for proof that you are who you say you are. That can be done with a fingerprint sensor or a USB key, so passwords aren't needed. Some online banking services have used this system for a while, but the certification of Android should help to establish it as the norm.
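The difference between sending a password and proving possession of a key, as an added example that is not part of the original article: a simplified Node.js model of a FIDO2-style login, not the real WebAuthn message format. The class names, the user "alice" and the two `.example` sites are assumptions made for illustration.

```javascript
// Simplified model of a FIDO2-style login (added example; not the WebAuthn wire format).
const crypto = require('crypto');

// The authenticator (phone or USB key) holds one private key per website origin.
class Authenticator {
  constructor() { this.keys = new Map(); }
  // Registration: create a key pair for this origin and hand back only the public half.
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Login: once the user unlocks the device (not modelled here), sign challenge + origin.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential was ever registered for this origin
    return crypto.sign('sha256', Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

// The service stores public keys and outstanding challenges, never a shared secret.
class Service {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // single-use: a captured reply is useless afterwards
    const pem = this.users.get(user);
    if (!challenge || !pem || !signature) return false;
    return crypto.verify('sha256', Buffer.concat([Buffer.from(this.origin), challenge]), pem, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const shop = new Service('https://shop.example'); // constructed sample sites
  const bank = new Service('https://bank.example');
  shop.enroll('alice', device.register(shop.origin));
  bank.enroll('alice', device.register(bank.origin));
  const reply = device.sign(shop.origin, shop.newChallenge('alice'));
  const login = shop.verify('alice', reply);  // fresh challenge, correct key
  shop.newChallenge('alice');
  const replay = shop.verify('alice', reply); // same reply against a new challenge
  bank.newChallenge('alice');
  const reuse = bank.verify('alice', reply);  // shop credential presented at the bank
  return { login, replay, reuse };
}
```

Only the first check succeeds: the service's database holds public keys that cannot be used to log in anywhere, so a breach of one service yields nothing to reuse against another.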

Per Thorsheim, a self-confessed password obsessive who runs a global conference called PasswordsCon, which addresses the challenges surrounding digital authentication, is optimistic about FIDO2. "At the last conference, everyone in the room, from geeks to police, and intelligence experts to hackers, agreed that nothing came as close as this to improving security beyond the username and password," he says. "We actually think this might work – and we haven't said that about anything for the past 15 years."

What's the practical solution? 

But while the technology is sound, he believes that there are practical issues that stand in its way. "If I gave a USB security key to my mother and told her that it replaces her password, she wouldn't be interested in spending even two minutes learning how to use it. And people will obviously lose them or forget to carry them," he says.

Thorsheim also notes that fingerprint logins are easily bypassed on an iPhone, for example, because you can swipe to log in with a PIN instead. "That's not security, it's convenience," he says. "It doesn't remove passwords from the equation, it just hides them. Passwords are not disappearing. They'll be around for at least the rest of my days on Earth."

If Thorsheim is correct, and the death blow to passwords is more than 20 years away, how should we secure ourselves in the interim? The commonly held belief that you should use a mixture of capital letters, lower-case letters and numbers, while changing your password every 90 days, has been rescinded by Bill Burr, the American software engineer who championed the practice in 2003.


One hacker says any eight-character password can now be cracked by a computer in under three hours, so longer phrases are essential. Two-factor authentication, in which your phone receives additional confirmation codes, is worth adopting, but the critical piece of advice is to use different passwords for each service. And if that becomes a headache, use a password manager such as 1Password, DashLane or LastPass.

When breaches are reported in the media, they're often made out to be cataclysmic events, such as when more than 21 million passwords from a number of sources were dumped online in January. But the truth is, they mainly contain old passwords, which with luck, you will have stopped using by now. However, if you're worried, services such as Google's Password Checkup can tell you if yours is floating around the internet, and if it is, Thorsheim says you are a target for hackers.

"People don't understand the benefit of strong passwords because nobody has been hacked until they've been hacked," he says. "That's the moment when they realise how bad it can actually be."
