Time for Better Security Controls

By Pavan Thatha

We all keep our valuables and belongings closely guarded, but when it comes to protecting our critical IT systems and data, we alarmingly choose to drop our guard.

Data posted online by hackers revealed, shockingly, that the most commonly used password was ‘password’, while ‘123456’ and ‘12345678’ came close behind at the #2 and #3 positions.
In an era when passwords are at greater risk of being hacked than ever before, it is alarming to see people still using passwords like these, which are easy prey for hackers.

2012 was a year of several big security breaches. Yahoo reported that over 450,000 email usernames and passwords were stolen from the company’s databases by hackers and posted on the file-sharing site Pastebin. Yahoo had stored this data without any encryption at all, making it very easy for hackers to steal. What’s worse, these user IDs and passwords were identical to the ones used on other online banking sites, thereby potentially putting at risk not only the users’ Yahoo accounts but also their other accounts.

Twitter has also suffered a major compromise: extremely sophisticated hackers stole the usernames and encrypted/salted versions of passwords for 250,000 users.

Following the breach, Twitter’s director of information security advised users to use strong passwords of at least 10 characters as part of what the company calls good password hygiene.
Good password hygiene is not the only thing that can save organisations from having their passwords hacked. Many enterprises use only passwords, a decades-old user authentication technology, to validate or reject access. This becomes even more important as cloud and mobile technologies, which rely heavily on third-party resources for data access, become commonplace.

In order to keep up with worsening threats, password technology has become so burdensome that employees are finding ways around it, putting at risk the very security their data needs. A survey found that around 87 percent of users normally have to remember two or more passwords to access their company resources. Passwords were ranked as the top access problem in the enterprise by 80 percent of the respondents.

Many organizations today have implemented long-password policies to improve security. Unfortunately, many users work around these password security systems by reusing passwords across multiple systems, including their personal accounts, and by using weak passwords or writing longer passwords down, often on notepads or other papers in open view.
Weak password security poses security threats to companies using cloud or SaaS technology. Applying already over-complicated password technologies to cloud, mobile and other modern IT implementations extends the weakness beyond the control of the IT department.

Fortunately, a powerful technology exists to supplement passwords: two-factor authentication. It helps defeat hackers by requiring users to show two simultaneous but independent means of verifying their identities. Strong authentication solutions revolve around something the user knows, something the user has or something the user is. Multiple innovative technologies and mechanisms have recently been launched in the strong authentication category to address the challenges with password-based and conventional two-factor authentication solutions.

A recent innovation in the “something the user knows” category is the pattern-based approach for locking and unlocking Android devices. Innovations in the “something the user has” category include physical grid/array card based solutions that are being adopted by enterprises and banks. There are also solutions that combine both of the above, i.e. a pattern and a physical card, which provide a much higher level of security and thereby the best protection for user access.

Many big enterprises such as Google, Yahoo and Twitter are also implementing two-factor authentication for their users following the security breaches. Enterprises can implement these strong authentication solutions to protect their data and diminish the risk of their passwords getting hacked.

Chennai-based ArrayShield Technologies is a provider of innovative pattern-based two-factor authentication solutions.