Saturday, 25 January 2014

Two Factor Authentication

   Nowadays, internet users are encouraged to store valuable personal information in web pages and web applications. Social network pages such as Facebook, Twitter and Foursquare are a great example that illustrates how the internet has changed over the decades.
    On the other hand, most internet users know little about the security issues that arise each time they create an account on a web page. They think that a single username and password are more than enough to protect their personal information from hackers who try to expose them. They usually choose a short password, something they can always remember, in order to log into their accounts quickly and without delay. Furthermore, since most of us have accounts on multiple web pages, users tend to reuse the same password for all of their accounts, as it is difficult to remember many passwords for many accounts.
    As a result, many internet users today become victims of what we call cyber crime. Their personal and sensitive information, such as bank accounts, passwords, name, address, religion etc., is stolen by hackers with unpredictable outcome. A hacker can then get access to valuable information, charge bank accounts, transfer money from one account to another, or expose the victim's data (personal beliefs, hobbies, marital status etc.). There are many victims today because of this insufficient level of security. But let's first understand what a single password is and how it protects us from hackers who try to get access to our private data.


PASSWORD STRENGTH



    A password is a word or string of characters used for user authentication, to prove identity or gain access approval to a resource that should be kept secret from those not allowed access. Generally, the easier a password is for its owner to remember, the easier it is for an attacker to guess.
    So how do we determine whether a password is strong or weak? It is determined by how much effort an attacker needs in order to guess it and how long it will take him to validate that he has the correct password (how robust it is against brute force attacks). Generally speaking, a long password with a variety of characters (uppercase letters, lowercase letters, numbers) is more difficult to guess than a short password. So for increased security, users should use long passwords even though they are difficult to remember. A list of weak passwords commonly used by many internet users can be found here. If you have a password like those, you are advised to change it as soon as possible.
    


TFA


    To deal with the security issues that arise when someone authenticates with a single password, a method called multi factor authentication was developed. It is built on the factors below.

(1). Something only the user knows (e.g. password, PIN)
(2). Something only the user has (e.g. ATM card, smart card)
(3). Something only the user is (e.g. a biometric characteristic, such as fingerprints, face etc.)
    When two of the above factors are used, we are talking about two factor authentication. The most common example of this method today is a user withdrawing money from his bank account. He knows a password (something the user knows) and he uses an ATM card (something the user has).
    It would be a good idea to implement two factor authentication for our transactions over the internet or when we try to authenticate to our accounts. The security level is increased since now a hacker cannot gain access to a user's data by only guessing the password but he needs the device as well.
    On the other hand, since smartphones today are like a part of our body, it would be a great idea to use this device as the second factor in this method. It is better than using security tokens or cards for this procedure, since most users today know how to use their smartphone and are familiar with applications.
    So the general idea is to create an application that implements two factor authentication. Each time a user has to log into his account and uses his password, he will be prompted for a second step of verification in which the mobile device is involved. More info about the matter will be discussed in our next article.
