Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 31 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Change your password, for better or worse?

by The Gurus
May 7, 2014
in Opinions & Analysis
Share on FacebookShare on Twitter

Today is “National Password Day” as the security industry and world continues the battle with the dogged authentication method.
 
Backed by companies including Microsoft, Intel and LastPass, the initiative follows on from stories where “hackers have leaked millions of passwords from sites like Facebook, Yahoo!, and Google”. The website offers basic advice on password security for consumers, but comes after the Heartbleed bug, which may have affected two-third of global websites and compromised millions of passwords.
 
We have been debating the problem of passwords for some time, and will a day of awareness really change anything? Raj Samani, EMEA CTO of McAfee, part of Intel Security who have been one of the driving forces of password day, said that Intel wanted to provide one place for education and awareness.
 
“Education in this area is needed, as we consistently see evidence that people are naive about how to create the best passwords for their personal information – just last year it was revealed that 90 per cent of passwords were considered vulnerable because users couldn’t remember them,” Samani said.
 
So the concept of this companies encouraging consumers to change their thinking around password security and take simple steps to protect their data. Colin Miles CTO of Pirean said that the username and password approach for authenticating users is fundamentally flawed, as it fails to adequately serve the needs of either the consumer or the service provider.
 
“Users want convenience of access without compromising their privacy or security, while application providers need to ensure only the right people are accessing their services without introducing barriers to access,” he said. “The password model for access was introduced at the very infancy of internet adoption but it really hasn’t scaled to meet the demands of our increasingly connected world.”
 
Miles said that initiatives to encourage users to undertake good password hygiene are certainly needed, as the password problem is so entrenched in existing technology and services that this is a problem which is not going to go away soon, so the solution should be on modifying user behaviour to make the best of a bad system.
 
“We are seeing that new, people-centric approaches to security are increasingly coming to the fore. These are the most forward thinking models of all, where the primary challenge is not in respect of how the user should be authenticated, but whether an authentication challenge is needed at all.”
 
I talked to Steven Hope, managing director of Winfrasoft, who said that there is evidence that passwords remain a huge problem and this will remain a problem for as long as we have unique passwords for everything. “Even with a password, it is a pain to change it as it is a pain and it doesn’t work!”
 
“Companies use them and they are seen as free, but two-factor authentication tokens are too expensive, so we are stuck with passwords, and it is not good and until the Government puts the message out that we need to get rid of them we are stuck. If you compromise one password often you have got them all, but really it is a case of use them or lock themselves out,” he said.
 
Hope said that if technology worked, you would not need passwords. “How many passwords do you use in a day? I gave up at a dozen. Until you write them down, how many do you use in a week? If it is stolen how many applications could an attacker get into? We have existed on fixes and it is a nigh
tmare, the only way is to get rid of passwords.”
 
Last year, the Petition Against Passwords (www.petitionagainstpasswords.com) issued a call-to-action for large consumer sites to implement password-less logins and saw backing from large vendors and the federated identity group FIDO Alliance.
 
What awareness campaigns do is good, but what we need is to get mainstream support and a solution. Miles said that this may lay in modern Identity and Access Management (IAM) solutions, which he said do offer “a glimmer of hope for a better, best-practice future”.
 
“Increasingly IAM is being used to help build a better user experience around common security interactions such as registering for access, maintaining accounts or logging on to systems. Through these techniques service providers are able to provide clear, simple paths and journeys for users which can encourage adoption of new, stronger access mechanisms and overcome some of the barriers to entry for many,” he said.
 
National Password Day is asking users to pledge to use a stronger password. I would prefer it to ask users to ask websites and applications to implement a better form of authentication that does not require passwords at all, as that is surely the only way forward.
 
 
Read our interview with Paul Simmonds of the Global Identity Foundation on the future of authentication –https://itsecurityguru.org/gurus/redefining-identity/

FacebookTweetLinkedIn
Tags: 2FAAuthenticationIAMpassword
ShareTweetShare
Previous Post

Missed the flashing light?

Next Post

Shareholder sues Wyndham board members over data breaches

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information