Pages

Friday, October 2, 2009

ComputerWorld: Username/Password Obsolete and Weak

Online Banking Security is Weak Week continues! 



Here an excerpt from an article in ComputerWorld by Andrea M. Antonopoulos stating that the weakest security solution is the username/password.   Sounds familiar...where did I hear that before?  I know what I've outlined in yellow sounds like I wrote it, but I swear...it was all Ms. Antonopoulos! 




New secure password rules




By Andreas M. Antonopoulos

September 29, 2009 05:37 PM ET






The vast majority of security systems are still dependent on this weakest of solutions -- the username/ password pair.



In a world with road warriors, ubiquitous network access, keyloggers and trojans, does this approach even make sense? Can we still depend on username/password and if so do the rules above still apply?



I would answer "no" to both questions.



End users behaving badly



Let's face it: password based security was obsolete the moment the first keylogger was built. Between hardware keyloggers, software keyloggers, trojans and shoulder surfing, the whole idea of keeping a "secret word" is ridiculous.



Companies would be well advised to scrap username/password security in favor of (genuine) multi-factor authentication as prices drop and the technologies become easier to use.





Editor's Note: As predicted...it's "simply a matter of time" before "everybody" realizes username's and password's are obsolete. 



Thanks ComputerWorld for helping spread the word. 



If we can spread the word as quickly as online banking Trojans are being spread, it won't be long before you'll be able to use a SLIM to authenticate online banking log-in the same way you currently access your cash at an ATM!



Instead of "Typing" 14-18 digits of your card number, then the 6 digit expiration date, followed by the 3 digit CVV code, (that's 23 keyloggable keystrokes)  all you have to do is ONE "Swipe". 



That was Easy!  That was Faster!
That was Secure!  That was "about" Time!



Continue Reading at ComputerWorld









Reblog this post [with Zemanta]