ComputerWorld: Username/Password Obsolete and Weak

Online Banking Security is Weak Week continues! 



Here an excerpt from an article in ComputerWorld by Andrea M. Antonopoulos stating that the weakest security solution is the username/password.   Sounds familiar...where did I hear that before?  I know what I've outlined in yellow sounds like I wrote it, but I swear...it was all Ms. Antonopoulos! 



New secure password rules



By Andreas M. Antonopoulos

September 29, 2009 05:37 PM ET

The vast majority of security systems are still dependent on this weakest of solutions -- the username/ password pair.



In a world with road warriors, ubiquitous network access, keyloggers and trojans, does this approach even make sense? Can we still depend on username/password and if so do the rules above still apply?



I would answer "no" to both questions.



End users behaving badly



Let's face it: password based security was obsolete the moment the first keylogger was built. Between hardware keyloggers, software keyloggers, trojans and shoulder surfing, the whole idea of keeping a "secret word" is ridiculous.



Companies would be well advised to scrap username/password security in favor of (genuine) multi-factor authentication as prices drop and the technologies become easier to use.

Editor's Note: As predicted...it's "simply a matter of time" before "everybody" realizes username's and password's are obsolete. 



Thanks ComputerWorld for helping spread the word. 



If we can spread the word as quickly as online banking Trojans are being spread, it won't be long before you'll be able to use a SLIM to authenticate online banking log-in the same way you currently access your cash at an ATM!



Instead of "Typing" 14-18 digits of your card number, then the 6 digit expiration date, followed by the 3 digit CVV code, (that's 23 keyloggable keystrokes)  all you have to do is ONE "Swipe". 



That was Easy!  That was Faster! That was Secure!  That was "about" Time!



Continue Reading at ComputerWorld

passwords, usernames, two factor authentication, 2FA, HomeATM, multi-factor authentication, that was easy, username/password, HomeATM, SLIM, Swipe Don't Type

Related articles by Zemanta

• Computerworld: Court allows suit against bank for lax security (boxofmeat.net)


• The Password is...Two Factor Authentication (pindebit.blogspot.com)


• Web users will trade privacy for security and convenience (digital.venturebeat.com)


• Bank of America Gives Away $25 to Pay Bills Online (pindebit.blogspot.com)


• Does Weak Online Banking Log-In Make the Bank Liable for Losses Incurred when Fraud Occurs? (pindebit.blogspot.com)


• Password, Username Stealing Malware Volume Jumps 400% (pindebit.blogspot.com)


• HomeATM Featured in Secure Payments Magazine (pindebit.blogspot.com)


• Another Lawsuit Against Weak Online Banking Authentication (pindebit.blogspot.com)


• Online Banking is Weak Week Continues (pindebit.blogspot.com)


• Anti-Phishing with Two Factor Authentication (information-security-resources.com)