Protecting your privacy takes combined effort
Issue date: 6/15/08 Section: Technology
(ARA) - Most people have come to understand that it is important to choose a complex password and to change their passwords often in order to protect their privacy and information. But security professionals now believe that passwords simply don't work anymore.
There are too many ways for passwords to be compromised for people to trust this thin layer of protection. The Internet is now filled with technologies specifically designed to capture your password. "Phishing" sites that mimic familiar sites and keystroke loggers that track the information you type are now part of the landscape of the Internet.
People are becoming more aware that it's not good enough to simply be very careful with the passwords that are used for important accounts or Web sites. Most people use the same or very similar passwords across many Web sites and therefore, when a password is captured, it can be used to access many things.
A recent survey found that 70 percent of IT professionals thought passwords were not secure. These same people admitted that one in five companies had already had a security breach that allowed private information to get into the wrong hands. The U.S. Federal Trade Commission claims that consumers lost more than $5 billion to identity theft in 2007 and businesses lost far more.
"Consumers need to become more aware of the danger of relying exclusively on passwords to protect their personal information; and Web sites need to provide simple and inexpensive ways for consumers to protect themselves," said Evan Conway, chief identity officer of Positive Networks, a company that specializes in working with companies and Web sites to ensure that privacy and information is protected.
One approach, he explains, to having a more secure site is a concept called two-factor authentication. The idea is that prior to allowing someone access to an account, a Web site or application checks two separate things for identity verification.
"Not only does the consumer need to have the password, but must also have an additional method to prove their identity," said Conway. Sites that use Positive Networks' PhoneFactor (www.phonefactor.com) technology, will instantly ring either the customer's mobile or landline phone when someone signs onto an application or Web site. The password is verified just like normal and then the user must answer an instant automatic phone call to gain access. It only takes seconds and generally comes at no cost to the consumer. In additional to preventing unauthorized access, it proactively notifies a consumer if there is a fraudulent attempt to gain access being made.
There are too many ways for passwords to be compromised for people to trust this thin layer of protection. The Internet is now filled with technologies specifically designed to capture your password. "Phishing" sites that mimic familiar sites and keystroke loggers that track the information you type are now part of the landscape of the Internet.
People are becoming more aware that it's not good enough to simply be very careful with the passwords that are used for important accounts or Web sites. Most people use the same or very similar passwords across many Web sites and therefore, when a password is captured, it can be used to access many things.
A recent survey found that 70 percent of IT professionals thought passwords were not secure. These same people admitted that one in five companies had already had a security breach that allowed private information to get into the wrong hands. The U.S. Federal Trade Commission claims that consumers lost more than $5 billion to identity theft in 2007 and businesses lost far more.
"Consumers need to become more aware of the danger of relying exclusively on passwords to protect their personal information; and Web sites need to provide simple and inexpensive ways for consumers to protect themselves," said Evan Conway, chief identity officer of Positive Networks, a company that specializes in working with companies and Web sites to ensure that privacy and information is protected.
One approach, he explains, to having a more secure site is a concept called two-factor authentication. The idea is that prior to allowing someone access to an account, a Web site or application checks two separate things for identity verification.
"Not only does the consumer need to have the password, but must also have an additional method to prove their identity," said Conway. Sites that use Positive Networks' PhoneFactor (www.phonefactor.com) technology, will instantly ring either the customer's mobile or landline phone when someone signs onto an application or Web site. The password is verified just like normal and then the user must answer an instant automatic phone call to gain access. It only takes seconds and generally comes at no cost to the consumer. In additional to preventing unauthorized access, it proactively notifies a consumer if there is a fraudulent attempt to gain access being made.
Be the first to comment on this story