Ian Sherr of Dow Jones Newswires in San Francisco just published “Beyond the Password” in The Wall Street Journal. Sherr’s article focuses on the vulnerabilities of passwords and the necessity of augmenting password-protected accounts with two-factor authentication.
I couldn’t agree more with Sherr’s assessment.
Sherr tells the story of a hacker who gained access to an executive’s email account by “stealing log-in information from an insecure website, which they then matched up with a password they found on the Internet.” Pretty scary stuff! The hackers threatened to publicly release emails if the executive didn’t pay up, and that is exactly what happened: hackers released all of his email on the Web.
Recently, journalist-turned-blogger Brian Krebs wrote about an online bank robbery in which computer crooks stole $63,000 from a Kansas car dealership. Krebs observed, “Stories like these illustrate the deftness with which cyber thieves are flouting the meager security measures protecting commercial accounts at many companies.”
Given the alarming number of headlines in the news about hacked databases, hacked corporate emails, and hacked social media accounts, these are not isolated issues, and we are facing a fraud and spam epidemic.
As Sherr notes, “The growing frequency of these attacks has pushed companies to seek other forms of data protection than simple passwords.”
Fortunately, this is not a doomsday article that offers problems and no solution. Sherr also discusses “Token Power” and how companies like Facebook and Google are now offering phone-based two-factor authentication to their user base as a necessary layer of additional account security.
“Google Inc. is one of the more recent companies to begin offering this technology to its users. The Internet behemoth offered the additional security free to its business-services customers last year. A few months later, Google opened it up to all account holders to use with apps such as mail and calendars. The program is already popular, Google says, and thousands of users sign up for it each day.”
I have two-factor authentication turned on for all of my social platforms, and I change my password frequently. I do get tempted to click those Twitter links from someone else’s hacked accounts that say, “someone has posting a pic of you all over the internet,” but then I remember that I’m pretty boring and no one would bother.
The best way to protect your accounts is with a second factor of authentication, like a phone number that is tied to your account. With two-factor enabled, you can rest assured that your secure information is secure.
If you are interested in reading more, Charles McColgan, our CTO, also addresses the issues of weak passwords and the risk of compromised accounts in his recent white paper, “Stop Compromised Accounts: Safeguarding the Internet and the Cloud.” I highly recommend having a look if you are a business person or technologist concerned about fraud prevention, security, identity, and access.