
Alternative to Passwords Could Prevent Data Being Compromised

Gridsure : 04 March, 2010  (Technical Article)
Stephen Howes of GrIDsure gives his view on recent compromises of password-protected services and how alternative technology can prevent them.

Stephen Howes, CEO of GrIDsure, an alternative to PINs and passwords, explains why incidents like this will become more frequent if service providers continue to rely on static PINs or passwords for user authentication:

"At the moment it seems that barely a day goes by without another story breaking around a password-protected service being compromised in some way. Both of the Twitter hacks and the Vodafone story highlight, yet again, how easy it is to break into a service that is protected by only fixed PINs or passwords. It is clear that fraudsters are becoming increasingly sophisticated and yet amazingly these high-profile brands just seem to shrug their shoulders and ask their users to change their password. This does nothing to prevent the same thing happening again in the future and is just playing into the fraudsters' hands.

"An easy and cost-effective solution which would avoid future embarrassment and user frustration, all they need to do is use a one-time passcode system, which would mean that even if a user was to inadvertently enter their details into a phishing site the fraudster wouldn't actually be able to use the PIN or password that they had stolen.

"As we've seen, passwords can be compromised through various forms of attack, including shoulder-surfing, key-logging, phishing and screen-scraping, but the Vodafone case highlights a growing trend of attack that comes under the umbrella of 'social engineering'. Essentially this refers to fraudsters collating user information - such as DOB, address, mobile phone numbers - from social networking sites and then using them to impersonate an individual. So while it's vital that service providers use more secure and user-friendly ways of authenticating their customers, this needs to be matched with industry-wide education on how users can safeguard themselves against security breaches like this in the future.

"Finally, whilst many people simply see networking sites such as Twitter and Facebook as a social thing and therefore believe they don't matter very much, people in corporate life should be reminded that this same username/password combination is probably being used to secure their cloud-based corporate information such as email and CRM systems."
