Zombies Are Smarter Than Weak Passwords


Imagine this scenario: You turn on your TV and are alerted by a warning broadcast message stating that a “zombie apocalypse” has descended upon us. You run for protection and safety, but something does not seem right. In your mind, the zombie apocalypse should look much different than a regular Monday afternoon. Most other folks around you don’t appear concerned.

The zombie attack on weak passwords

A similar event happened on several television stations back in February 2013. Due to a widespread network breach of emergency alert systems, a video warning viewers of an impending zombie apocalypse was broadcast to the public. The TV stations had been hacked due to weak passwords created by their employees, many of which were default passwords that had never been changed. Unbelievably, this forced the Federal Communications Commission (FCC) to send an urgent advisory to TV stations nationwide to take immediate action against weak passwords.

Five years have passed since then, and policies have likely been put in place to strengthen login authentication and ultimately prevent such a ridiculous scenario from recurring. Although a strong password policy may temporarily remediate vulnerabilities, if it is not updated continuously it becomes a weak one quicker than you think. Insider threats and hacks by bad actors alike are motivated by the fluid marketplace on the dark web for such credentials. This confluence of market dynamics continues to intensify the threat of breach when passwords are used as the sole cybersecurity measure.

The human brain is a problem

The truth is that passwords are outdated and no longer sufficient as a security credential. We try to make passwords more complex and harder to recall, but in reality this compels users to recycle, share, or write them down, seemingly always storing them in obvious places within the workplace. This means that while we are securing one area, we are creating a weak link in the process. Of the estimated 100 billion neurons that comprise the average human brain, just one percent is allocated toward long-term memory storage (source: BBC). The vast majority of human minds are incapable of recalling more than seven to nine digits in either short or long-term memory. Storing and recalling a 15-character string that includes numbers, special characters and case-specific letters is unlikely.

It’s time for human-proof authentication

The DigitalPersona solution offered by Crossmatch allows organizations to randomize user passwords into true, strong passwords that defend against phishing, dictionary, cracking and brute-force attacks. The user need not recall the password string. He or she can instead present other enrolled credentials or a combination of enrolled credentials for strong authentication – including biometric and behavioral elements – allowing authorization into their systems or applications.

Maybe it is time for an apocalypse: a password apocalypse, that is. Explore the zombie-free world of DigitalPersona risk-based authentication.
