Terry Corbell, The Biz Coach
By Terry Corbell
Business Consultant

Security Needs Update: Russian Hackers Steal 1.2 Billion Passwords



About 1.2 billion Internet usernames and passwords from hundreds of thousands of Web sites and 500,000 e-mail addresses have been stolen by a Russian crime syndicate, according to an Aug. 5, 2014 report in The New York Times.

This should revive interest in the movement to eliminate passwords.

Google’s efforts in 2013 to make the Internet more secure by eliminating the use of passwords have already drawn praise from one of the nation’s leading authorities on digital security.

“The premise is indeed interesting and is most likely destined to become reality,” says Stan Stahl, Ph.D., at Citadel Information Group, www.citadel-information.com, in Los Angeles.

Published reports including “Google Prepares to Leave the Password Behind” in PC Magazine indicate Google wants to use “a tiny cryptographic USB card called a YubiKey with a modified version of Google Chrome.”

Google ostensibly wants to make a gadget available that would corroborate the identity of users on all machines from computers to mobile phones.

“Passwords are challenging and difficult for people,” acknowledges Dr. Stahl. “Strong passwords are hard to construct – in part because we do a lousy job of instruction.”

It can be a tedious process if you have a lot of passwords.

“Strong passwords are hard to remember,” says the security guru. “And when we need several of them, they become very hard to manage.”

Feasible alternative

“Replacing passwords with authentication devices could have the positive benefit that both the web site and the user will be able to authenticate the other,” says Dr. Stahl.

“Right now, it’s often too easy for a fraudulent web site [set up by a cybercriminal to steal your information when you visit, for example] to look legitimate to an unsuspecting visitor,” he adds.

“Done right, an authentication device could authenticate the user to the site and the site to the user,” asserts Dr. Stahl.

But what if the device is lost or misplaced? Indeed, the PC article reports Google probably has a solution.

The search engine has “developed a Google-independent protocol that requires no special software to authenticate a security device. It even includes measures to prevent websites from tracking users via their security devices, and only requires that the user be running a browser that supports the protocol.”

The Google approach appears to be easier and more secure than passwords. However, don’t get complacent and start celebrating.

“…no technology – including technology that replaces passwords – is a silver bullet in the fight against cybercrime,” cautions Dr. Stahl.

“A cyber criminal who takes control of the computer you use to access your bank account will have your access to that bank account, whether you gain access through a password or through an authentication device,” he adds.

From the Coach’s Corner, visit Dr. Stahl’s informative security blog, where you can sign up for his complimentary security updates.

More of Dr. Stahl’s expert opinions:

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

5 Safety Measures to Thwart Mounting Social-Network Attacks — An epidemic of social-networking attacks represents unprecedented dangers to companies. Here’s how a Facebook user cost her company a $1 million loss.

Who Profits from Android’s Security Issues? Not Users — Countless headlines detail the cyber dangers of Android-based devices. It has to do with the apps.

Cyber Security Legislation that Affects Your Business — A data-breach bill has been re-introduced in the U.S. Senate that would regulate how businesses behave – informing customers when their personal information has been stolen. Actually, you should take the enclosed precautions even if the law doesn’t pass.

Lesson about Passwords after Theft of 16,000+ UCLA Patient Records — Unfortunately, we’ve learned another lesson about passwords at the expense of 16,288 patients who’ve been treated at UCLA’s network of hospitals and clinics. The patients’ sensitive information is in the wrong hands following a burglary of a doctor.

“Criminals should be punished, not fed pastries.”

-Lemony Snicket

__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

Seattle business consultant Terry Corbell provides high-performance management services and strategies.