The proliferation of social networking and the accelerating adoption of personal devices for corporate use can be a boon for remote workers. Unfortunately, this increase in systems and cross-platform networks can also be a huge opportunity for cybercriminals looking to launch targeted attacks.
In 2012, the sophistication of mobile malware intensified, damaging individuals, businesses and governments alike, revealing one of the year’s top security trends: that the traditional combination of username and password is not a strong enough security barrier.
With this in mind, the following security experts share their thoughts on why more secure authentication methods are needed in 2013:
“The fact is that passwords, as a security technology, are reaching the end of their useful life. Moving to a world where alternative authentication systems are the norm is incredibly difficult, and as a consequence we are entering into a period of time when we are going to have to continue to rely on a security control that doesn’t work. Encouraging users to pick longer passphrases, and proactively auditing networks for weak passwords are steps that can be helpful during this time. Increasingly, we are going to see attackers entering networks with legitimate access credentials without ever having to fire an exploit that would trigger an intrusion detection system. We need to be prepared for this type of attack activity.” – Tom Cross, director of security research at Lancope
“Nine out of 10 intrusions involved compromised identities or authentication systems, so enterprises need to make sure they have a sound process for creating, managing and monitoring user accounts and credentials for all of their systems, devices and networks.” – Wade Baker, Verizon RISK Team
“The password-only security model is dead. Here’s why: Easily downloadable tools today can be used to crack a simple four- or five-character password in only a few minutes… Next year, we are likely to see an increase in businesses implementing some form of two-factor authentication for their employees and customers. This will consist of a Web-based login that will require a user password along with a secondary password that will either arrive through a user’s mobile device or a standalone security token. While it is true the recently discovered botnet Zitmo cracked two-factor authentication on Android devices and RSA’s SecurID security token (hacked in 2011), this type of one-two punch is still the most effective method for securing online activities.” – FortiGuard Labs’ 2013 threat predictions, Fortinet
What do you think? Will authentication attacks, including stolen usernames and passwords, continue to plague network security?