It seems that the data security landscape is constantly changing. Every day, new threats arise and fresh best practices emerge to keep companies at the forefront of protecting sensitive information. PKWARE’s staff of experts in data security share their thoughts in our blog, highlighting the most current topics on data security, management, and reduction. Check back frequently and join the conversation.

Are passwords good at protecting sensitive data?

Posted in Data Security

Passwords continue to create data security issues and may need to be phased out in favor of more secure alternatives, argued a recent petition from a group of Silicon Valley technology companies. Multi-factor authentication and identification may be one way forward in light of more prevalent high-profile password breaches, such as the one that recently affected social network and blogging platform Tumblr.

The advocacy group behind the petition described passwords as the easiest way past company security. Since most passwords are created by humans, they rarely hold up in environments in which specialized crimeware can quickly crack them via brute force. Although the many easily guessed passwords are most obviously at risk, even complex ones are not necessarily safe, stated PCWorld's Steve Ragan in his commentary on the petition.

"Even the best protected servers eventually fall," said one technology executive quoted by Ragan. "The results can cost the company millions of dollars and drastically impact consumer trust."

Many users recycle their passwords and are not properly guided toward better data compliance by company policies, said the petition's authors. As a result, passwords often end up being readily available to hackers in wordlists and are the starting points for costly attacks.

Recently, users of Tumblr's iOS apps had their passwords transmitted in plain text while connected to public Wi-Fi networks, noted New Yorker contributor Matt Buchanan. This password vulnerability was part of a trend that saw several high-profile companies forced to reset user passwords after breaches. Evernote and LivingSocial each recently had nearly 50 million account passwords compromised.

Alternatives like two-factor authentication, already being experimented with by Google and Facebook, may eventually allow for the password to be retired, but until then, individuals and companies will need to more carefully protect their password data via sound policies.
