ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Is A Password Enough? A Closer Look at Authentication

Yahoo reported the theft of some 400,000 user names and passwords used to access its website, acknowledging that hackers took advantage of a security vulnerability in its computer systems.

The Mountain View, California-based LinkedIn, an employment and professional networking site with 160 million members, was hacked, suffering a data breach that affected 6 million of its clients, and is now involved in a class-action lawsuit.

These sites did something wrong that allowed those passwords to get hacked. However, passwords themselves are too hackable. If multi-factor authentication had been used in these cases, the hacks might have been a moot point and the hacked data useless to the thief.

The password problem comes in two parts. First, we are lazy with passwords. For example, regarding the Yahoo breach, CNET pointed out that:

2,295: The number of times a sequential list of numbers was used, with “123456” by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.

160: The number of times “111111” is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000” is used 71 times.
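
The patterns in CNET's counts are simple enough to reject at the moment a password is chosen. An added example, not from the original article or from CNET: a Python screen for sequential, reversed and repeated digit strings, with or without a few letters added. The function names, the four-digit minimum and the three-letter limit are assumptions made for the example.

```python
import re

ASCENDING = "01234567890"   # ascending digit run, allowing 9 -> 0
DESCENDING = ASCENDING[::-1]
MIN_RUN = 4                 # assumed threshold: shorter digit runs are not judged here
MAX_PADDING = 3             # assumed meaning of "a few letters were added"

def digit_pattern(digits):
    """Name the lazy pattern a pure-digit string follows, or None."""
    if len(digits) < MIN_RUN or not digits.isdigit():
        return None
    if len(set(digits)) == 1:
        return "repeated digit"
    if digits in ASCENDING:
        return "sequential digits"
    if digits in DESCENDING:
        return "reversed sequential digits"
    return None

def weak_pattern(password):
    """Return why a password matches the breach patterns, or None if it does not."""
    core = re.sub(r"[A-Za-z]", "", password)   # drop letters used as token padding
    padding = len(password) - len(core)
    pattern = digit_pattern(core)
    if pattern is None or padding > MAX_PADDING:
        return None
    return pattern if padding == 0 else pattern + " with letters added"

def screen(passwords):
    """Map each candidate password to its rejection reason (None means accepted)."""
    return {p: weak_pattern(p) for p in passwords}

# Constructed sample input, not taken from any breach dump.
SAMPLES = ["123456", "654321", "111111", "000000", "abc123456", "T7#qLw9!zR"]

if __name__ == "__main__":
    for pw, reason in screen(SAMPLES).items():
        verdict = "reject: " + reason if reason else "passes this screen"
        print(f"{pw!r:14} -> {verdict}")
```

A `None` result only means the password does not match these patterns, not that it is strong.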

Second, spyware, malware and viruses on a user’s device can easily record passwords. This means the username (which is often a publicly known email address) and password are easy to obtain from an infected device.

The numerous scams that entice users to cough up sensitive data are a proven con that works often enough to keep hackers hacking.

Multi-factor authentication, which your bank uses, is far better and more secure. It requires a username, a password and “something you have”: a personal security device separate from the PC.
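
Why a stolen password becomes useless once a second factor is required, as an added example that is not from the original article: a Python login check that demands both the password and a code from the user's device. It assumes the “something you have” is a time-based one-time-password (TOTP, RFC 6238) generator; the `Account` class, `login` function and demo values are hypothetical.

```python
import hashlib, hmac, os, struct

STEP = 30  # seconds per code, the RFC 6238 default

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret, at, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1 with RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    def __init__(self, password, device_secret):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.device_secret = device_secret  # shared with the user's device at enrolment
        self.last_counter = -1              # highest time step already accepted

def login(account, password, code, now):
    """Succeed only when the password AND a fresh device code are both correct."""
    pw_ok = hmac.compare_digest(hash_password(password, account.salt), account.pw_hash)
    supplied = (code or "").encode()
    matched = None
    current = int(now) // STEP
    for counter in (current - 1, current, current + 1):  # allow one step of clock drift
        expected = totp(account.device_secret, counter * STEP).encode()
        if counter > account.last_counter and hmac.compare_digest(expected, supplied):
            matched = counter
    if pw_ok and matched is not None:
        account.last_counter = matched  # a used code cannot be replayed
        return True
    return False

# Constructed demo values: the weak password from the article and the RFC 6238 test secret.
DEMO_SECRET = b"12345678901234567890"

def demo(now=1_700_000_000):
    acct = Account("123456", DEMO_SECRET)
    return {
        "stolen password only": login(acct, "123456", None, now),
        "password + device code": login(acct, "123456", totp(DEMO_SECRET, now), now),
        "same code replayed": login(acct, "123456", totp(DEMO_SECRET, now), now),
    }

if __name__ == "__main__":
    print(demo())
```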

While additional authentication measures might be a burden to some, they are a blessing to others who recognize how vulnerable their online accounts would otherwise be.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

 

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
