Passwords provide us with a false sense of security

4.6 Million Scottrade accounts exposed by hackers. Russian pleads guilty in largest U.S. hacking scheme—more than 160 million accounts compromised. Experian data breach: 15 million T-Mobile customers at risk. And these cyber-terror headlines are just from the past two weeks.

So how safe is the average person’s online information?

If consumers are only using a password to protect sensitive accounts, not very. Research conducted by Ponemon Institute for CNNMoney revealed almost half of America’s adults were hacked in one year.

Passwords provide a false sense of security. Hackers and the tools they use are getting too smart. In addition to proliferating dictionary lists that contain more than one billion stolen passwords, hackers also use complex algorithms to probe random combinations of words and special characters during an attack.

“Today, nothing you do, no precaution you take, no long or random string of characters can stop a truly dedicated and devious individual from cracking your account,” Matt Honan wrote in a piece titled “Kill the Password” for WIRED. It was published back in 2012.

CynoSure Prime, a password research collective, is on a mission to prove this very point. They’ve cracked the passwords of almost 12 million accounts from the infamous hack of adult site Ashley Madison. More revealing is the fact that they found less than 5 million unique passwords. This is why dictionary lists are so powerful in the hands of a hacker.

So how does the average person protect their online personal information?

Multi-factor authentication, also called MFA, makes it impossible for a hacker to compromise an account with just a user name and password. They can’t do it. That’s because MFA requires at least two of the following data points:

 

  1. Something you know: a username and password
  2. Something you have: a smart phone or token device
  3. Something you are: biometrics

James Bond, “Mission Impossible”, “The Bourne Identity” — they are all modern-day spy movies with MFA-challenged scenes because multiple forms of identification is the universal access standard for highly secure systems. What most people don’t realize is that the same or similar levels of security can protect most of their personal information today.

 

MFA is not science fiction for the masses. It’s here now. More than a growing reality, MFA is a necessity in a world terrorized by hackers.

The most common form of MFA requires a user to enter a special code sent via text message after signing in with their username and password. Without this additional code, access is denied. A hacker would need physical possession of the user’s phone and their username and password to do any real damage.

Additional methods of MFA include smart phone apps that generate one-time verification codes (Google Authenticator, SecureAuth), apps that send push notifications to authorize a sign-in (Duo, Transakt), devices that can generate one-time verification codes (RSA SecurID, Yubikey), and fingerprint and smart card readers. The industry is in its infancy, so more biometric methods are on the way.

While MFA is a standard industry term, Google calls it “2-step verification,” Wells Fargo calls it “advanced access” and PayPal calls it “security key.” If that’s not confusing enough, finding where to enable MFA on some sites is like searching for the lost Ark of the Covenant. When in doubt, contact support for the website in question.

The site Two Factor Auth offers a long list of websites that do and don’t offer MFA. Surprisingly, there are a number of big-name corporations on this list that don’t: Amazon, American Express, Citibank, U.S. Bank and more.

Not surprisingly, many Fortune 500 corporations that can’t be named here for legal reasons already require MFA for employee accounts or are in a race to do so to stem the tide of major data breaches. No one wants to become the next Ashley Madison. And unless Russian roulette happens to be a favorite game, consumers should do the same thing.

Passwords are becoming antiquated. MFA or 2-step verification, on the other hand, is the best defense against a determined hacker. Don’t be their next victim.

October is National Cyber Security Awareness Month.

ad-high_impact_4
Life
Kids become firefighters at Fire Station 98 open house
Henderson residents wore fire hats, learned about CPR and met firefighters at the Fire Station 98 open house Saturday, August 11, 2018. (Marcus Villagran Las Vegas Review-Journal) @brokejournalist
People from all over the world attend RollerCon 2018
RollerCon 2018 is a five-day convention focused on the roller derby community and culture at Westgate in Las Vegas. (Marcus Villagran/Las Vegas Review-Journal) @brokejournalist
Camp Broadway teaches kids how to sing and dance
The Smith Center's seventh annual Camp Broadway musical theater program gives 150 kids ages 6-17 an opportunity to learn musical theater skills from industry professionals over a five-day period. Marcus Villagran/ Las Vegas Review-Journal @brokejournalist
Las Vegas police officer on being PETA's Sexiest Vegan Next Door
Las Vegas police officer David Anthony talks vegan lifestyle and how he feels about being voted PETA's sexiest Vegan next door from his home on Monday, July 9, 2018. (Marcus Villagran/Las Vegas Review-Journal) @brokejournalist
'NO H8' Campaign comes to Las Vegas
Hundreds of locals participate in the NO H8 campaign founded by Adam Bouska and Jeff Parshley as a response to Proposition 8, a California ban on same-sex marriage. The campaign has since evolved to represent equal treatment for all. (Marcus Villagran/Las Vegas Review-Journal) @brokejournalist
Over 40,000 People Attend The 4th Of July Parade In Summerlin In Las Vegas
Over 40,000 People Attend The 4th Of July Parade In Summerlin In Las Vegas. (Janna Karel Las Vegas Review-Journal)
Star Wars and Golden Knights mashup at downtown art shop
Star Wars and Vegas Golden Knights fans attend the Boba Fett Golden Knight Paint Class at The Bubblegum Gallery in Las Vegas, Friday, June 29, 2018. (Marcus Villagran/Las Vegas Review-Journal) @brokejournalist
Bark-Andre Furry meets Capitals superfan Ovie the Bulldog
Two of NHL's furriest fans met at the Forum Shops in Caesars Palace on Tuesday, June 18, 2018, in Las Vegas. Vegas Golden Knights superfan Bark-Andre Furry and Washington Capitals superfan Ovie the Bulldog shared a plate of meatballs and spaghetti with help from Logan, "The Girl with the Hat." (Marcus Villagran/Las Vegas Review-Journal) @brokejournalist
TOP NEWS
News Headlines
Add Event
Home Front Page Footer Listing
Circular
You May Like

You May Like