News

Is A Password Enough? A Closer Look at Authentication

07/26/2012 - 13:00
Yahoo reported the theft of some 400,000 user names and passwords to access its website, acknowledging hackers took advantage of a security vulnerability in its computer systems. The Mountain View, California-based LinkedIn, an employment and professional networking site which has 160 million members, was hacked and suffered a data breach of 6 million of its clients and is now involved in a class-action lawsuit. These sites did something wrong that allowed those passwords to get hacked. However passwords themselves are too hackable. If multi-factor authentication was used in these cases, then the hacks may be a moot point and the hacked data useless to the thief. The biggest part of the password problem is in 2 parts: first, we are lazy with passwords, for example in regards to the Yahoo breach  CNET pointed out that: 2,295: The number of times a sequential list of numbers was used, with “123456″ by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up. 160: The number of times “111111″ is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000″ is used 71 times. Second: spyware, malware and viruses on a user’s device can easily record passwords.  Which means this username (which is often a publically known email address) and password is easy to obtain from an infected device. The numerous scams which entice users to cough up sensitive data is a proven con that works enough to keep hackers hacking. Multi-factor authentication, which your bank uses is far better and more secure and it requires a username, password and “something you have”—a personal security device separate from the PC While additional authentication measures might be a burden to some, it’s a blessing to others who recognize the vulnerabilities of their online accounts otherwise. Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures
Views: 
402
  • My comment
  • Comments [0]

Add new comment

No comments available


Related content


Tips [0]

No results are available with these criteria.

News [0]

No results are available with these criteria.

Focus [0]

No results are available with these criteria.


If you do not findthe answer you're looking for...

Ask your question