
Human Factors Weakest Element In IT Security

SecurEnvoy : 09 January, 2012  (Technical Article)
SecurEnvoy explains why human factors in IT security are the cause for the breakdown of the password system and the herald of two-factor authentication
Commenting on reports that Utah Valley University researchers have analysed the many hundreds of thousands of Stratfor user account credentials which were hacked by Anonymous late last year due to weak passwords, SecurEnvoy says this proves the fact that the human element in security is now the weakest link.

Steve Watts, co-founder of the tokenless two-factor authentication specialist, says that, after crunching the data on its 120-strong computer network, the University found that the users of Stratfor Global Intelligence – many of whom are actively involved in the IT security industry – were using weak passwords.

“Put simply, they really should have known better, as the user list of the hacked accounts reportedly included US military personnel, IT staff at the Bank of America and JP Morgan, as well as IT professionals with IBM and Microsoft,” he said.

“And if these professionals cannot get their password security sorted, then what hope is there for the rest of the Internet user community? This revealing analysis proves our constant mantra that conventional passwords are dead in the water on the security front - especially with powerful password crunching technology so readily available,” he added.

The SecurEnvoy co-founder went on to say that it is interesting that the Utah University researchers, who crunched their way through the MD5 password hashes for the Stratfor user account credentials revealed by the Anonymous hacktivists, were able to decode more than 160,000 passwords for various users.

Through the use of freely available cracking software such as John-the-Ripper and Oclhashcat-Plus, he explained, the researchers were able to generate some eight million passwords per second and 62 million passwords per second, respectively, using their network of computers.

In theory, says Watts, if account holders had strong enough passwords, then even with the use of Oclhashcat-Plus, which harnesses the number-crunching capability of a PC’s graphics processor(s), a brute force attack would not have been possible.

But, he adds, as this research proves, human nature means that many people are lazy, and elect to use eight digit or less character passphrases, making the task of the researchers very easy.

“And if the Utah University researchers have been able to crunch these records, then you can bet your bottom dollar that their criminal counterparts have also been conducting similar analyses. This proves that ID/password security really is out-moded, and that Internet users now need to be thinking in terms of two-factor authentication,” he said.

“The problem with most authentication systems seen to date, however, is that they require the use of a hardware token. Our approach is to use the power of the users’ smartphones (something you have) and an answer to a known question (something you know) to ensure that only the person entitled to access the account is allowed to use the online facility,” he added.

“The use of tokenless authentication makes the process of stepping up from out-moded ID/password security all the easier. The use of authentication significantly raises the security bar and remediates the shortcomings of the human element when logging in.”
 
   © 2012 ProSecurityZone.com