
End the tyranny of passwords


We all know how bad an idea it is to write down complex passwords. Yet people do it all the time. I recently spoke with Dr. Mansur Hasib, one of the world’s leading authorities in cybersecurity and a speaker at the SC Congress 2015 in Toronto, about security and the role passwords play. Dr. Hasib’s take on the issue was simply “can we not do away with passwords altogether? People have already suffered too much and now it is one of the most insecure ways to authenticate.” He explained the following problems with passwords:

  1. Once a criminal has access to a password, they can change your password, lock you out of your own account and hold the data hostage for a ransom
  2. People habitually write down passwords in conspicuous places
  3. They forget passwords all the time and have to go reset passwords
  4. Sophisticated password crackers can crack passwords easily
  5. Keystroke loggers or other spyware can be used to learn passwords
  6. Criminals can capture passwords by capturing all keystrokes
  7. People stay locked out of accounts and cannot get their job done
  8. Stealing passwords is the main objective behind typical phishing or other social engineering attacks

Dr. Hasib explained that innovative vendors such as Enterprise Sentinel are redefining the authentication space and modernizing multi-factor authentication, making it almost impossible for criminals to gain access to a system. Assuming that the user has a smartphone, this company has a product called DynaMatrics 2FA which works in the following simple manner:

Dr. Hasib contends, “The strength of this type of solution is that there is no password to remember, forget, or reset. All those support and development costs vanish. And even if someone has logged the keystrokes they cannot use the password ever again.” The solution also solves the problem of users innocently visiting infected sites only to have spyware installed on their machines – without ever clicking on anything. “Members of the public must insist on doing business with companies that use a stronger authentication mechanism than userids and passwords. Banks and financial institutions are a ripe market for this type of higher security authentication,” said Dr. Hasib.
