Thursday, December 6, 2012

The Password Is Dead


Gawker, Sony, Zappos: the massive fallout from these and other data breaches involving weak password authentication schemes shows that the current password system is dead. Let's face it - people simply can't remember a different complex password (consisting of eight or more letters, numbers and symbols) for each online account they have - especially when the average Internet user has more than 25 online accounts that require a password. Add to that the rapidly growing number of mobile applications that also require a password or PIN, and people quickly feel overwhelmed. It's time we recognize that the current system is neither sustainable nor secure. New forms of authentication for websites and mobile applications must emerge.

Many organizations lay the burden of secure authentication at the feet of the users, telling them to simply choose harder passwords. Yet, users have proven time and time again that their nature is to choose weak passwords and use the same password for multiple online accounts. Rather than telling people to remember ever-more complicated passwords, online businesses need to completely move away from the archaic password practice and instead adopt advanced authentication technologies that are both more secure and easier for people to use.

The interconnected nature of the Web creates a domino effect whenever there is a large password breach like the ones at Gawker, Sony and Zappos. Knowing that people often use the same password on multiple accounts, fraudsters take the passwords leaked from Sony or Zappos and use them to try to access accounts on other websites, thereby harming security at a number of other, unrelated websites. This domino effect, coupled with the vast amount of sensitive information people share and store online, means that the burden needs to shift from consumers to the online businesses themselves. Websites must start making strong authentication standards on their consumer-facing websites a priority.

Fortunately, strong online authentication is easier to achieve now than ever before. The availability of cloud-based authentication solutions makes it easy for websites to employ technologies that generate a one-time passcode for each login, which can replace traditional passwords completely or be added to the password as a second factor to strengthen the login even if the user has chosen a weak password.

The widespread use of mobile phones and mobile applications now makes it possible for websites to employ multi-factor authentication without using hardware tokens, smart cards or biometrics. Some online banks and other security-minded businesses have begun using SMS text messages to send authentication codes to users' phones, or "soft token" applications on users' smartphones that generate the codes locally. The touchscreen capabilities of smartphones and tablets also make it possible to use pattern-based or image-based authentication, allowing users to simply tap a few pictures or draw a pattern on the touchscreen to authenticate. All of these methods are ways for organizations to provide users with easier yet more secure authentication.

Until more websites eliminate "dead" password schemes in favor of strong authentication methods that are easy for users, we'll continue to see poor password practices on the web, making it easy for hackers to take a data breach at one website and use the revealed credentials to compromise user accounts and commit fraud on a number of other websites.
