The recent news of an iPhone bug that allows hackers to steal passwords with just a text message should serve as a stark reminder about the huge market for stolen user credentials and the vulnerability of passwords. This is according Secure Cloud Link, who argue that organisations and individuals must realise that passwords are now an untenable means of authentication and present a major security risk.
The security bug, which has now been repaired, meant that hackers had the ability to steal passwords, as well as other sensitive data. Fundamentally, an attack could give cyber criminals access to a computer’s memory where sensitive information such as passwords and login credentials are stored.
Gideon Wilkins, VP Sales and Marketing at Secure Cloudlink, said: “Any product that still depends on a password for authentication and authorisation is clearly a security risk, even those that ‘mask’ the back ended stored password with a biometric front end. This method gives a false impression of greater security as in the background passwords are still present and vulnerable to an attack, which could lead to a security breach. The only way to truly guarantee security is to break the historical link between a user’s identity and the authentication – the password.
Dave Worrall, CTO of Secure Cloudlink, adds: “The Apple security bug highlights the huge market for stolen data, which means good security practices are more important than ever. LinkedIn, Tumblr and Myspace are just a few recent examples of data breaches that saw user credentials up for sale online, representing hackers’ appetite for passwords. Despite IT departments and security experts urging organisations and users to apply diligence with regards to password management, hacks proceed to be common place and passwords continue to be stolen.”
Wilkins concludes: “Now is the time to completely disrupt the traditional concept of passwords as a means of authentication. Although companies claim to be removing passwords, they are just masking them. As a result, the problem is still being ignored. What is needed is an approach that involves no passwords at all. No storing, no transmitting and no replicating. Secure Cloudlink helps companies with large user portals to not only secure themselves and their brand, but secure every client digital identity. Taking customers from simply removing resets, through single sign on (SSO) to truly no passwords at all, ever. Hackers can’t steal what doesn’t exist.”