A recent article in The Telegraph reported that this year 110 million
pieces of data have already been illegally sold, representing a 300 percent
rise since 2012. This data mostly consists of login credentials, essentially meaning
username and password details.
Of course, the same advice is wheeled
out, encouraging everyone to be more diligent and to change passwords more
frequently. But personally, I do not have a free evening every two weeks that I
can dedicate to changing every password on every online account I have!
Meanwhile, Facebook is busy scouring the web to try and find out if our details
have been compromised. But I would prefer it if efforts were focused on
stopping it from happening in the first place.
Asking people to regularly change
passwords just isn’t feasible and we should have learnt by now that the
majority of us just won’t do it. Even if everyone did change their passwords
regularly, at best it would possibly
reduce the ‘quality’ of the data being bought and sold.
Speaking at the Information Security Solutions Europe (ISSE) conference in Brussels last
week, the Head of the European Cybercrime Centre (EC3), Troels Oerting, commented that
most of the people who go online do not have a clue what they are getting into and someone needs to
protect them. Meanwhile, the former Cyber-Security Coordinator of the Obama Administration, Howard
Schmidt, advised that we need better security to have fewer victims, but this makes it harder for people
to do their jobs.
A recurring theme at the conference
was the fact that cybercrime still has the potential to deliver high profit
at low risk of being caught, especially as much of it is conducted across
national borders. So, all the while login credentials are easy pickings, there
is no reason to expect this to change. The positive feedback I can report is
that there is much consensus among security professionals that we must move
away from passwords, with recognition for initiatives such as the FIDO Alliance
(of which Winfrasoft is a member), which is working to balance improved security with user
convenience. So, now the debate has moved on to how to achieve it.
Adding layers of security is one approach, and
this week Google has been introducing its new security key, which is essentially a hard token
for 2FA. However, I suspect it won’t be on many people’s Christmas lists for two
reasons. The first is that it is a token and that means I will need to carry it
around with the other tokens I already have on my key ring. The second issue I
have is that it is a USB and neither my smartphone nor my tablet (the two
devices that I tend to use the most for going online) has a USB port.
I agree that adding layers of
complexity is important to thwart cybercriminals, but if you make it more
complex for the user then you end up with paralysis. So, as smartphones and
tablets have become ubiquitous, it is these devices that I strongly believe hold
the key (as opposed to the key ring token!). Placing the token on to these
devices adds convenience, as you always have it with you. Then, if you remove
the need for the user to remember a password and the requirement for the
organisation to store it, in my book you have a winning solution.
Author:
Alissa Lang, Winfrasoft
Security testing is a must. Everybody wants security at every level of his work. As explained above, failures happen, but if we test from time to time then it will improve. So it depends on us how serious we are about this.