Sunday, April 5, 2015

Drop User Names To Improve Security, Says Dartmouth Research - Dian Schaffhauser, THE Journal

According to a new paper put out by the collaboration, "How To Count to Two: What 'Two Factor Authentication' Misses," the problem with schemes that rely on the use of user names and passwords for authentication is that they're only as strong as the weakest user in the network. Figuring out somebody's user name can lead cyber criminals to additional information about that individual online, which can help in figuring out what that user's password is too. Once the personal information of one user in a system is breached, the hacker can make a "lateral move" to explore more of the target network and uncover additional accounts that can be compromised. Use of this ever-growing "footprint" in the network may allow the hacker to uncover private information about "higher value targets," whose access to network resources can lead to the kind of data breaches that make the effort worthwhile for the criminal.

No comments:

Post a Comment