
Secure Alternative To Passwords for Cloud Access

InfoSecurity Europe : 24 March, 2010 (Technical Article)
Stephen Howes of GrIDsure explains alternative methods to the use of static passwords for access to web-based services, the cloud and social media.

With the growth of social networking, online media consumption and cloud computing, every day millions of people log in to a variety of different sites using a username and password or PIN combination. However, over the last few months there have been a number of high-profile hacking attacks that have pointed to the inherent weakness of the fixed password authentication systems that control access to these services.

Recent reports have highlighted the risks and flaws of static passwords and have suggested practical ways to improve password security and reduce the likelihood of a security breach. Suggestions have included changing passwords on a regular basis (e.g. every 30 days), using combinations of numbers and letters and mixing upper and lower case characters. However, these suggestions are really trying to make the best of a system that is fundamentally flawed, and I would say that such advice is comparable to proposing how to arrange the deckchairs on the Titanic as it sails full-steam towards the iceberg.

Static passwords have increasingly become the subject of a variety of malicious attacks, including shoulder-surfing, key-logging, screen-scraping and brute-force 'dictionary' attacks. The cyber-criminals responsible for these kinds of attacks are constantly adapting and updating their methods and, as the number of users of online services continues to rise, now really is the right time for individuals and organisations to embrace authentication methods that offer better security and improved ease of use. From recent phishing attacks targeting Twitter and Gmail to the news in February 2010 that Cambridge University scientists found a fundamental security flaw with the popular 'chip and PIN' system, every week seems to throw up yet another story proving that static passwords and PINs are past their sell-by date.

With cloud computing-based services becoming the norm in today's online world, and increasing amounts of data moving into the cloud, it is time for online service providers to start adopting identity authentication systems that are based on one-time passwords or passcodes. While it may not be possible to completely eradicate all phishing or other hacking attacks with a single solution, one-time password methods are generally more robust and have been proven to dramatically reduce this problem. They can also, depending on the method chosen, be cheaper than legacy password systems and can improve the customer experience of the website in question. So by making this relatively simple and cost-effective change, organisations can reduce the number of potentially embarrassing security breaches while also saving money and improving customer satisfaction.

GrIDsure is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe, held on 27th - 29th April at its new venue, Earl's Court, London. The event provides an unrivalled free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise.
