Despite our laziness and irresponsibility in choosing them, passwords have served us faithfully for a long time. However, their time may be behind us.
Fact: Passwords by themselves are no longer effective. There is no doubt about that. 2014 will be remembered by many as the 'year of hacking' after a single criminal organization from Russia took possession of more than one billion passwords. Since then, password theft has become a fixture in the news, and first on this list is the theft of three hundred twenty thousand passwords at Time Warner. Compare this with the fact that the most popular passwords in 2015 (!) were '123456', 'password' and 'qwerty', and it becomes clear that users are under a constant and very real threat of becoming victims of a destructive invasion of privacy.
What's at stake? Access to bank accounts, credit line accounts, medical records, wills, information about our children, the full record of our SMS and e-mail correspondence, and much more. Once fraudsters obtain our password, our entire personal profile is at their complete disposal.
Some users are savvy enough to know not to open emails or follow links from unknown domains. Many have trained their eyes to spot suspicious links or strange email addresses. But when people receive a link or an email from a friend, they are more likely to open it. Or, for example, when they receive a letter with a bill from the bank, they will pay it. This is where the hunt for unsuspecting users takes place. With billions of stolen passwords at their disposal, criminals can easily pose as our friends, employers and bank representatives. They then write fraudulent letters in the name of trusted senders, containing software known as a keylogger, which automatically records every keystroke the user makes, covering normal browser activity as well as passwords and chat messages. Such software exploits known vulnerabilities in Java and Flash, which are often overlooked by users, and then sends the information it collects directly to the bad guys.
As the name suggests, Multi-Factor Authentication (MFA) requires multiple sources of information to provide access to personal data. Even conventional fingerprint scanners provide an additional layer of security beyond the password and can prevent the scale of hacks that we have seen over the past two years. While not ideal, it is significantly better than a single line of defense.
When setting up a protection method, we must start from the position that fraudsters already have our passwords. This is more than just an assumption; it is already an accomplished fact. If only a password separates me from my online information, then security is compromised. But this is easy to change. Let's say we add a secret question to the password. Now hackers will have to put in more effort. Or require both a password and a code that is sent by text message to your mobile phone. This is even more reliable than a security question, because to break in, the attacker needs to get the victim's phone. And if the phone has a fingerprint scanner, then the barrier for criminals becomes even harder to overcome. A scenario like this would require both a phone and a fake fingerprint, or the ability to intercept messages en route to a specific device. The password alone is no longer enough.
None of the solutions mentioned is ideal, but they are a call to arms and a fundamental shift in the right direction. For the industry, MFA buys us time to move away from passwords in favor of better, more secure methods of identity verification. Analytical, heuristic, and behavioral methods are perceived as sci-fi tools of the future, just as mobile phones were in the recent past. Today they may seem unreal, but over time they will become part of our daily life. Over time, we will approach the ideal, but for this we need to use the best methods and means of protection available today.
Original material by Chris Webber
Elir: And again, in the stream of reasoning, the author never reached a full-fledged conclusion, and also forgot to say how to protect the device itself against hacking. If we are talking about devices without a fingerprint scanner, then it is at least worth encrypting the device data; in many modern devices this function is pre-installed. Applications like Cerberus can also help, providing access to a lost device with the ability to remotely destroy the data on it (and the stock Android Device Manager is still there as well). As for accessories, an option that unlocks the device only when a specific additional accessory is connected will help, for example a special 'plug' in the 3.5 mm port, etc.
Multi-factor authentication has already become a kind of security standard and should not be neglected, because it is a prerequisite for the transition to the next generation of ways to protect information from prying eyes. Some manufacturers are already experimenting with retinal scanners, so there is a lot of work in this direction. I don't want to sound like an alarmist, but, in my opinion, you need to think about some additional way to protect your device. Again, not everyone cares that much about the security of the data on their device, because often there is nothing secret there; you can't argue with that. But still, such carefree behavior may well contribute to the fact that, as in the proverb, 'thunder will break out'. In addition, it will protect your friends and family from being deceived through your hacked account.