by, Brian Spector, CEO, Certivox<\/p>\n
<\/p>\n
When my team started to work on a paper about the vulnerabilities of usernames and passwords recently, I decided we would defy typical cryptography vendor behaviour. Instead of a technical whitepaper full of architecture diagrams and mathematical notation, I told my team I wanted them to do wide-ranging research to argue a cause<\/em>, in order to support a business case<\/em>. The material they researched became The Death of Username and Password<\/em><\/strong><\/a>, a unique new study launched exclusively at Parallels Summit 2013.<\/em><\/strong> <\/em><\/p>\n <\/p>\n Tenfold shame<\/strong><\/p>\n The paper explores ten core truths that show the weaknesses of username and password so clearly<\/em>, that when I found out what they had unearthed, I frightened myself.<\/p>\n Did you know, for example, that the IEEE (Institute of Electrical and Electronic Engineers) – one of the most respected organisations in the world – lost over 100,000 user logins to hackers because it was storing username and password information in a file on its website? And that the areas of the site that were compromised potentially included sensitive Western military engineering data?<\/p>\n And had you considered that the speed and ease with which hackers can now access username and password files has so increased the volume<\/em> of confidential user data being illegally traded online that this data now sells for next to nothing? (European credit card data, for example, will sell for around $3 per card on the internet – US and Canadian, a mere $1). Like I said, scary stuff.<\/p>\n <\/p>\n Not just a consumer story<\/strong><\/p>\n But it was the data on users’ real-world experience of actually using<\/em> passwords that really<\/em> made me wince, because its consequences aren’t restricted to consumers or hobbyists. Rather, it’s an issue for every single internet and cloud user, from the provisioning supplier to the individual end-user – and every party in between.<\/p>\n Users forget <\/em>passwords. <\/em>Consider this:<\/p>\n More worryingly, users routinely pick passwords that are laughably weak<\/em>, in an effort to increase their memorability. A recent security breach at Yahoo, for example, showed that thousands of users’ passwords were either “password”, “welcome”, “123456” or “ninja”!<\/p>\n <\/p>\n What gives?<\/strong><\/p>\n The world is perpetuating a login method that is inherently weak, has been repeatedly compromised, is single-handedly responsible for making the thousands of dollars’ worth of credit tradable on the internet for less than the price of a packet of cigarettes – and that everybody hates and finds difficult to use anyway.<\/p>\n\n