NexusFi: Find Your Edge



 





In 2015, it won’t matter if hackers steal your password


Discussion in Traders Hideout





 

 kbit 
Aurora, Il USA
 
Experience: Advanced
Platform: TradeStation
Trading: futures
Posts: 5,854 since Nov 2010
Thanks Given: 3,295
Thanks Received: 3,364

The password could be dead by 2015.

That’s the prediction (and hope) among security experts who are racing to replace the is-it-really-you test, which dates to the early 1960s. Since then, passwords have become an omnipresent nuisance for both users and security officers—perpetually forgotten and inevitably stolen, as evidenced this week by the news that a Russian gang has amassed a trove of more than one billion login credentials. (Read: More than a billion online accounts breached by Russian gang.)

Two out of every three data breaches involve the exploitation of weak or stolen passwords, according to Verizon’s 2014 Data Breach Investigations Report. And making them stronger isn’t much help.

The more requirements websites add for passwords—to reach a minimum number of characters using uppercases, lowercases, and special characters, to avoid strings similar to previous passwords, to do a handstand while typing it in—the more likely people are to reuse passwords across accounts or create weak ones, researchers say. A 2012 study found that almost one-third of people have more than 10 unique passwords, and 38% of people would rather scrub toilets than try to come up with new ones.

The tech industry is brimming with companies touting products to block impostors in a post-password age—all aiming to cash in on cybercrime, a problem with an estimated global cost of up to $445 billion, according to Internet security firm McAfee. Among the options: software that, invisible to the user, tracks contextual factors like time and location, and how users type, wiggle their mouses and swipe screens; and biometric scanners for faces, eyes, voices, veins and even heartbeats, often in combination with a designated mobile device.

A gang of Russian hackers have stolen an enormous trove of usernames and passwords, according to cybersecurity firm Hold Security. Here’s what this means for Internet users.

A working group to create password-alternatives, called the FIDO Alliance, released a draft of new standards for online authentication in February and plans to issue the final version by the end of the year. Its members include Google, Bank of America, MasterCard, Samsung and PayPal.

By 2015, a large portion of Internet users will say goodbye to the old-school username and password in favor of methods such as biometrics and one-time secure keys, especially after the big players in the group begin to adopt the new standards, says FIDO Alliance president and co-founder Michael Barrett.

“Passwords…made absolutely fabulous sense back in the ‘60s. They make no sense now,” Barrett, who previously worked as chief information security officer at PayPal, says.

Privacy advocates say part of the reason passwords are considered a pain—that they sometimes need to be changed—is also an advantage: If an intruder learns the code, you can write a new one. Your heartbeat and fingerprint, however, remain the same.

But what makes passwords such an easy and prime target for cybercriminals is scalability. One cyber heist can yield thousands or even millions of account credentials, depending on the target. For a crook, biometrics produce far more barriers to entry. A thief could likely be forced to mold fingerprint replicas on an individual basis, or attempt to record someone’s heart activity without being noticed.

Attacks against biometric security and other password alternatives “require physical access to us or our devices, and those don’t scale,” Barrett says. “How many people can I attack in a day? Two or three? From a bad guy perspective, it’s just not very interesting.”

For some companies, passwords are already so yesterday.

“We’ve eliminated usernames and passwords,” says Jonathan Klein, president of the Virginia-based software company MicroStrategy, which designed an app called Usher. Usher checks who you are through options including voice and facial scans, verifying the device itself and tracking its location so people can only log into sensitive systems from specific locations or within boundaries, or for a limited time. The app then reveals a QR code that users scan at their workstation or on a website, and a code to authorize transactions over the phone.

“Everyone in the company uses it,” Klein says, citing MicroStrategy’s 3,000 employees. Its customers include Northrop Grumman Corp., one of the top defense contractors in the U.S., banks and insurance companies. Georgetown University began piloting the technology this summer.

If scanning your body with an app seems like too much work, you can just go with your heart, literally, by preordering a $79 wristband called Nymi from Toronto-based Bionym Inc. The bracelet measures electrocardiographic activity and can be synced with devices ranging from computers to garages and car doors, eliminating the task of logging in and out throughout the day. CEO Karl Martin says the company has about 10,000 preorders (the wristband is slated for release this fall) and that in 2015, he expects similar devices to become more commonplace.


Until then, people can opt for two-factor authentication. In most cases, that means websites will send security codes to users’ inboxes or smartphones, which they must enter in addition to the username and password when logging in. It’s imperfect, and hackers can sometimes circumvent or spoof it, but it’s better than not opting into a second layer of security at all—especially given that most people don’t change their passwords in the first place or still name them after their cats.

In 2015, it won’t matter if hackers steal your password - MarketWatch





Last Updated on August 8, 2014


© 2024 NexusFi™, s.a., All Rights Reserved.