A UK online security specialist believes the hacking of US officials’ accounts by suspected Chinese experts could easily have been prevented - if services like Google mail would only make a tiny change to their systems.
Jonathan Craymer, MD of password replacement specialist PinPlus says changing to “one-time” passwords – in place of standard fixed ones – would solve the problem in one.
He says: “High traffic sites like Google, Facebook, Twitter and others used by millions across the globe keep putting their heads in the sand over this problem, but it’s never going to go away. Fixed passwords are dead, out-dated and insecure and have become the hackers’ friend. Yet it would be so easy for the owners of these sites to add far greater security with one-time passwords, which change every time.”
The pin+ system provides users with new sets of numbers to log in with each time. Hackers would not be able to use the codes again, as they only work once. The codes are delivered to users via the login web page, and do not require additional hardware to be carried or software to be installed on devices.
So-called ‘spear phishing’ attacks, where users are tricked into giving away their passwords, simply would not work with pin+ one-time passcodes.
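To make the single-use property concrete, here is an added Python sketch (not PinPlus code; the release does not describe how pin+ derives its numbers) of a server that shows a fresh challenge on each login page load, accepts the matching code once, and rejects a replayed or stale code. The HMAC-based derivation of the code from the challenge and an enrolled user secret is an assumption for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo of single-use login codes. The derivation below (HMAC of a
# per-page-load nonce under a user secret) is an ASSUMPTION; the press release
# only states that codes are shown via the login page and work once.
CODE_DIGITS = 6
CHALLENGE_TTL = 120  # seconds a displayed challenge stays valid


def derive_code(secret, nonce):
    """Client side: the one-time code for this page load (assumed derivation)."""
    mac = hmac.new(secret, nonce, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**CODE_DIGITS).zfill(CODE_DIGITS)


class OneTimeCodeServer:
    def __init__(self):
        self.secrets = {}      # user -> shared secret (enrolled out of band)
        self.challenges = {}   # challenge id -> (user, nonce, issued_at)
        self.consumed = set()  # challenge ids that have already been spent

    def enroll(self, user, secret):
        self.secrets[user] = secret

    def issue_challenge(self, user, now=None):
        """Called when the login page is rendered: a fresh nonce per visit."""
        cid = secrets.token_hex(8)
        nonce = secrets.token_bytes(16)
        self.challenges[cid] = (user, nonce, now if now is not None else time.time())
        return cid, nonce

    def verify(self, cid, code, now=None):
        """Accept a code at most once, only while its challenge is still fresh."""
        if cid in self.consumed or cid not in self.challenges:
            return False  # unknown challenge, or a replay of a spent one
        user, nonce, issued = self.challenges[cid]
        current = now if now is not None else time.time()
        if current - issued > CHALLENGE_TTL:
            return False  # stale page load; user must reload for a new challenge
        # One attempt per displayed challenge: burn it whether or not the code
        # matches, so a six-digit code cannot be brute-forced against one page.
        self.consumed.add(cid)
        expected = derive_code(self.secrets[user], nonce)
        return hmac.compare_digest(expected, code)
```

A code captured by a phishing page is only harmless once it has been spent or has expired; a relay that submits it within the TTL before the victim does would still be accepted once, so single-use codes stop reuse, not a live man-in-the-middle.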
Craymer added: “I’m calling on users to stand up and be counted, and insist on being given one-time code facilities. This could be provided for a few pence per user per year and would revolutionise security. Yet if users don’t make a fuss, it appears the big online services won’t ever get off their back-sides and make this simple little change, which would defeat so much hacking and online fraud.”