How to improve the weak link in our security chain.
In the last couple of weeks, multiple blog posts have been reviewing the dangers that come from hackers. For example Jurgen Langbroek wrote about ‘Hackers steal your data during your morning commute’ and 374642bd uploaded the article about bank robbing hackers called ‘Hacking a bank: Low risks, high returns’.
Hackers attack different groups in society and they obtain both generally high value, the bank robbing with high returns, and low value information, the ‘sniffing software’ used to check our online traffic while we are at a local router. But IT companies should address the security both the high value and low value objectives. One may argue that it is also the responsibility of the end-user to be critical over their own security measures (such as the firewall settings, strength of passwords and the frequent change of their passwords) but passwords are described as the weak link in our computer security chain (Stockley, 2015).
This problem is becoming more important as we start to use different mobile devices for our online activities. Leavitt wrote about it in 2005, targeting the mobile phones as the next frontier (Leavitt, 2005), and as we read the blog about our daily commute hackers we can conclude that he was right. In my opinion IT companies need to focus on creating solid and secure solutions, to keep track with the hackers abilities.
For example Yahoo is trying a new feature with the launch of their new email application. They try to avoid weak passwords of the users and use their platform of different applications to enable a new way of logging on. They introduces Yahoo Account Key, signing in is changed from typing in an email and password to receiving a notification to the users phone for access on the computer (Becerra, 2015). But to be honest, as wel as the critique given by Becerra in the article, I’m not sure if this makes the system any more reliable and secure than it was before. For instance if someone also has your phone or the battery died, you would probably wish you still had your password. IT needs to come up with better solutions than this one to make me feel comfortable and safe logging on.
- Becerra, L. (2015). Yahoo’s Latest Attempt at Killing Passwords Lets You Sign In With Your Phone. Retreived at 17 october 2015 from http://gizmodo.com/yahoo-wants-to-kill-passwords-by-letting-you-sign-in-wi-1736697717
- Langbroek, J. (2015). Hackers steal your data during your morning commute. Retreived at 17 october from https://informationstrategyrsm.wordpress.com/2015/10/12/hackers-steal-your-data-during-your-morning-commute/
- Leavitt, N. (2005). Mobile phones: the next frontier for hackers? in Computer, vol.38, no.4, pp.20-23.
- Stockley, M. (2015). Why you can’t trust password strength meters. Retreived at 17 october 2015 from https://nakedsecurity.sophos.com/2015/03/02/why-you-cant-trust-password-strength-meters/
- 374642bd. (2015). Hacking a bank: Low risks, high returns. Retreived at 17 october 2015 from https://informationstrategyrsm.wordpress.com/2015/10/13/hacking-a-bank-low-risks-high-returns/