Cyber security can be a complex and fast-moving industry. News items reporting on data breaches and other cyber-criminal activity appear on an almost daily basis, while there is always someone offering their opinion on what could have been done better. There is always plenty of debate and discussion within the cyber security industry from industry experts and business leaders alike.
We will try to sift through all the different posts and news articles about this industry – the iDENindustry – and present the best and most relevant for you in one place.
In this release, we’re going right back to basics. Firstly, what is multi-factor authentication and how is it different to two-factor? We then look at some of the ways cyber criminals are stealing your computer passwords and there’s a piece from Microsoft that reaches the right conclusion – that you don’t need a password at all!
Read on for links to all the articles and, if you’re interested in how we can secure your teams and passwords, email firstname.lastname@example.org
Business 2 Community (B2C) – the site for business professionals – offers a great explanation of authentication. They summarise the different forms of authentication that are used and, most importantly, why you should use them.
The main reason for using multi-factor authentication (MFA) is of course that, “traditional password-based authentication is inherently insecure.”
The BBC covered the recent phishing attack at Lancaster University, which targeted students to steal their passwords. Of course, some passwords were stolen, and personal data was accessed and used to send out fraudulent invoices to the students.
“In a statement, the university said it became aware of a breach on Friday and has been working to secure its systems.”
The BBC also covered the issue of new audio technology that can mimic people’s voices and then be used maliciously. Although no examples were given, it is claimed that this technique has already been used to successfully steal millions of pounds from businesses. Users need to be aware, but it’s not likely to be widely employed by scammers yet.
“Dr Alexander Adam, a data scientist at AI specialist Faculty, said it would take a substantial investment of time and money to produce good audio fakes.”
On the subject of passwords, Infosecurity had an article about password spraying. If you haven’t heard the term before, it means that “instead of targeting a single account with multiple password guesses, password spraying uses a high-probability password against multiple accounts.”
Tips on how to avoid falling victim to this are listed, which include implementing an effective password policy and using MFA.
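The contrast in the definition quoted above, turned into detection logic as an added example (not from the Infosecurity article or this page): it labels each source address in a constructed login log as spraying when failures spread thinly across many accounts, or as single-account guessing when they pile up on one. The log format, thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO time, source IP, username, result
SAMPLE_LOG = """\
2019-08-01T09:00:01 203.0.113.7 alice FAIL
2019-08-01T09:01:10 203.0.113.7 bob FAIL
2019-08-01T09:02:30 203.0.113.7 carol FAIL
2019-08-01T09:03:45 203.0.113.7 dave FAIL
2019-08-01T09:05:00 203.0.113.7 erin FAIL
2019-08-01T10:00:00 198.51.100.9 alice FAIL
2019-08-01T10:00:05 198.51.100.9 alice FAIL
2019-08-01T10:00:09 198.51.100.9 alice FAIL
2019-08-01T10:00:14 198.51.100.9 alice FAIL
2019-08-01T10:00:20 198.51.100.9 alice FAIL
2019-08-01T11:00:00 192.0.2.10 bob FAIL
2019-08-01T11:00:30 192.0.2.10 bob OK
"""

def parse(log):
    """Yield (timestamp, source, user, result) from whitespace-separated lines."""
    for line in log.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def classify_sources(log, window=timedelta(minutes=30), min_accounts=4,
                     max_per_account=2, guess_threshold=5):
    """Label each source by the shape of its failed logins in a sliding window."""
    failures = defaultdict(list)
    for ts, src, user, result in parse(log):
        if result == "FAIL":
            failures[src].append((ts, user))
    verdicts = {}
    for src, events in failures.items():
        events.sort()
        verdicts[src], start = "normal", 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures that fell out of the window
            per_user = Counter(user for _, user in events[start:end + 1])
            # Spray: many distinct accounts, only a guess or two at each
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                verdicts[src] = "spray"
                break
            # Classic guessing: repeated failures against one account
            if max(per_user.values()) >= guess_threshold:
                verdicts[src] = "single-account guessing"
                break
    return verdicts
```

A per-account lockout counter alone would miss the first source, because no single account sees more than one failure; counting distinct accounts per source is what surfaces it.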
Here’s a piece from Microsoft telling us that passwords don’t matter after all!
It’s quite a long and slightly technical article, but well worth a read. The main problem with passwords is not that they can be easily guessed, but that a password is a text string and it is very difficult to detect if the wrong person is using it.
As pointed out, using MFA can help…but selecting the right MFA solution can be tricky (unless you are selecting iDENprotect!)
And finally, the pioneer of the computer password has died. He introduced passwords while working at MIT, not for security reasons, but to allow multiple people to use a computer at the same time. And in a Wired article, linked to in this BBC piece, it was revealed that even those first passwords didn’t work from a security perspective:
“The irony is that the MIT researchers who pioneered the passwords didn’t really care much about security… [it] may also have been the first system to experience a data breach.”