Gawker, Sony, Stratfor, Citigroup: the impact of these massive data breaches and major security incidents on sites with weak authentication schemes demonstrates that the current password system is not reliable. Let's face it: people simply cannot remember a unique complex password (consisting of eight or more letters, numbers and symbols) for each online account they have, especially when we commonly have more than ten online accounts that require a password. Consider too the many mobile applications that also require a password or PIN. It is time to recognize that the current system is neither sustainable nor safe. New forms such as SMS authentication are emerging.
Just choose a complex password?
Many organizations lay the burden of secure authentication at users' feet, telling them simply to choose more complex passwords. However, users time after time choose weak passwords and use the same password for multiple online accounts. Instead of asking people to remember more complex passwords, online companies must change the archaic password system we are used to and adopt advanced authentication technologies that are both safer and easier for people to use.
A chain reaction
Because sites on the Internet are interdependent, whenever there is a serious password breach, fraudsters, knowing that people often use the same password on multiple accounts, try to access accounts on other sites, thus affecting security at a number of other independent websites. This is a chain reaction. Considering the large amount of important information that people share and store online, the security problem should be solved by online businesses themselves. Websites must choose strong SMS two-factor authentication.
New authentication solutions
Actually, strong authentication is easier to achieve than ever. With the availability of cloud-based authentication solutions, it is easy for sites to use technologies that generate a mobile one-time password (OTP) for each connection, which can be used to replace traditional passwords and to enhance the security of the connection if the user chose a weak password.
With the widespread use of mobile phones and mobile applications, it is now possible for sites to use SMS OTP without using hardware tokens, smart cards or biometrics. Some online banks and other security-conscious companies have started to use SMS to send authentication codes to phone users.
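The per-connection one-time password described above, sketched from the server side as an added example (not code from the original article or from any vendor it alludes to). The function names, the in-memory store, the 300-second lifetime and the three-attempt limit are assumptions; handing the code to an SMS gateway is left out.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300        # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3      # wrong guesses allowed per code (assumed policy)
SERVER_KEY = secrets.token_bytes(32)  # per-deployment key for hashing stored codes

_pending = {}  # login session id -> {"digest", "expires", "attempts"} (in-memory for the sketch)


def _digest(session_id, code):
    # Bind the code to the session so it cannot be replayed against another login.
    msg = f"{session_id}:{code}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_code(session_id, now=None):
    """Create a fresh 6-digit code for one login attempt and return it for SMS delivery."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
    _pending[session_id] = {
        "digest": _digest(session_id, code),   # only a keyed hash is stored
        "expires": now + CODE_TTL,
        "attempts": 0,
    }
    return code  # pass to the SMS gateway; never write it to logs


def verify_code(session_id, submitted, now=None):
    """Return True once for the right code; expired or over-guessed codes are discarded."""
    now = time.time() if now is None else now
    entry = _pending.get(session_id)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[session_id]               # force a new code to be issued
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["digest"], _digest(session_id, submitted)):
        del _pending[session_id]               # single use
        return True
    return False
```

A six-digit code has only a million possible values, so the expiry and the attempt limit are what make guessing impractical; without them the code adds little over the weak password it is meant to back up.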
We are ready for change
Until more websites move away from archaic password regimes in favor of strong text message authentication methods that are easy for users, the problem of internet security will only grow.