The Cloudy World of Passwords
Over the last few months there have been a number of high-profile hacking attacks that have pointed to the inherent weakness of the fixed-password authentication systems that control access to online services.
“... it is time for on-line service providers to start adopting identity authentication systems that are based on one-time passwords or passcodes.”
- Stephen Howes
- GriDsure
Recent reports have highlighted the risks and flaws of static passwords and have suggested practical ways to improve password security and reduce the likelihood of a security breach. Suggestions have included changing passwords on a regular basis (e.g. every 30 days), using combinations of numbers and letters and mixing upper and lower case characters. However, these suggestions are really trying to make the best of a system that is fundamentally flawed, and I would say that such advice is comparable to proposing how to arrange the deckchairs on the Titanic as it sails full-steam towards the iceberg.
Static passwords have increasingly become the subject of a variety of malicious attacks, including shoulder-surfing, key-logging, screen-scraping and brute-force ‘dictionary’ attacks. The cyber-criminals responsible for these kinds of attacks are constantly adapting and updating their methods and, as the number of users of online services continues to rise, now really is the right time for individuals and organisations to embrace authentication methods that offer better security and improved ease of use. From recent phishing attacks targeting Twitter and Gmail to the news in February 2010 that Cambridge University scientists found a fundamental security flaw with the popular ‘chip and PIN’ system, every week seems to throw up yet another story proving that static passwords and PINs are past their sell-by date.
GriDsure is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe, held on 27th – 29th April at its new venue, Earl's Court, London. The event provides an unrivalled free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk.