Page 61 - CDM-Cyber-Warnings-March-2014
Authentication is the act of confirming the veracity or credentials of an entity, and it is a critical component of eBusiness. In an online world where privacy and security are paramount, authentication technology has to be complex, individual and virtually flawless.

Online security and authentication is growing as an industry, and it is no longer a product-focused one. According to researchers such as Gartner, SaaS (Security as a Service) is expected to grow exponentially, with many companies emerging. IDG News reports that cloud services have a bright future: Gartner valued the industry in 2013 at 2,1 billion USD and expects it to grow to 3,1 billion USD by 2015. But this billion-dollar industry is still based on one humble idea: only the right user should be able to access that user’s information.

As with most things in life, the simplest ideas and problems are made complex by us humans. Internet security and authentication is no different, and on top of being complex, it is old. The World Wide Web just turned 25 years old on March 12th, and password security is just as old online (and much older in real life). Passwords do offer a minor level of security, and 20 years ago they were a good alternative. But times have changed, and with only one update worth mentioning to solve the problem (the launch of the hardware token 19 years ago, in 1995), the main way of authenticating and securing a user is still the password.

So why are more online services not using tokens? Probably for several reasons: cost (no one would invest 100M to mitigate a security flaw with on-going costs of only 20 million), logistics (if you don’t know who your user is, you can’t send them a token), administration (you need to teach users how to use the new technology) and user experience (inflexible and unintuitive). Then why can’t we just use passwords?
First of all, they have limitations in dealing with technology threats such as Man-in-the-Middle, but their largest problem is human behaviour. People don’t do as they are taught, and when people reuse usernames and passwords it is an open door to their online identity. Using the same password on several sites can cause problems: the sites will probably not all be held to the same level of security, and if the passwords get leaked they can be used on the sites with a higher level.