Page 62 - CDM-Cyber-Warnings-March-2014
P. 62
7 of 10 online users are careless with their passwords reports PC for all, according to a study they made in January 2014 60% say that they change their passwords less then once a year and alarmingly 68,7% reuse their passwords on several online services. Adobe, Twitter, Ubisoft and a Chinese mega bank’s mobile banking service were hacked because of this behaviour. We can’t place the entire responsibility on users; the companies whose services are effective as the mentioned bank, which lost 50 million RMB (approximately 8 million USD) from victim’s accounts, need to address the issue. Especially now when technology and authentication has evolved along with human behaviour to span over more platforms then ever before with the mobile platforms, which due to quick development and focus on intuitive user experience has left security a little behind. “Mobile fraud is very much like Internet banking fraud 10 years ago” - (SecurityWeek, 24 July 2013). That statement describes the problem very well, the technology has rushed ahead, enjoying the ride but how to secure this evolvement is dated and has known flaws. We have a need of finding a way to securely BYOD (Bring Your Own Device) since mobile platforms are now more popular than desktop platforms. One attempt is the FIDO Alliance that is trying to solve a secure way to reuse passwords but the focus is still on holding the user responsible to have knowledge of the problem and actively seek a way to handle it. Most users will probably never give this the time and energy it is needed, and therefore the problem of reusing will continue being a problem. The simplicity of the idea, the problems with the established solutions such as passwords and tokens, and the complexity of new technology has been a great foundation for innovation and creativity, and a totally new playground for IT security vendors. From 2FA token products with cryptology to today's intuitive multi-factor solutions; everything from biometrics where Fingerprint-based biological cryptography technology, image recognition, geological fencing, device identification etc., are examples of how far the idea has taken us. During the RSA Conference in San Francisco this market trend became clearer; two years ago hardware tokens had a greater grip of the market and each year you can see the notices of change in all from the topics discussed, to exhibitor and the solution launched. 2014 was a year when software, flexibility and cost effectiveness was of focus. " # % " $ " # ! !
