Tuesday, 25 November 2014

Username and Password - those days have long gone (Security)

Today I am going to write about something quite important in the battle against the bad people. Do I really care what they call themselves?! Not really!!
Whether they hack in, chainsaw in, or butcher in, they are still the same to me.

This is my opinion: It is much easier to break something than to build or fix something which is broken.
If I want to break something, give me a hammer and I will smash to bits a phone, PC, TV, Server etc. I want to see anyone putting all the bits together and fixing what is broken....
Anyway, here is my ranting for today!

In the past we used a username and a password, and passwords with 8 characters were considered hard to break. I have seen 12-character passwords broken in 25 seconds.
Even with complexity rules, we are still no safer against brute-force attacks, dictionary-based attacks, etc.

There is something quite nice, known by quite a few different names:

  • Second-factor authentication
  • RSA Key
  • Two-factor authentication
  • Mobile authentication
  • PIN number authentication

They all do a very similar job: they add an extra layer of security to your account. Most of them work by requiring a randomly generated number, which can be sent to you by text message to your mobile or generated by an app installed on your mobile, such as "Google Authenticator".

A lot of Internet services have started offering similar methods of authentication.
Just to name some:
  • gmail.com
  • hotmail.com
  • facebook.com
  • Paypal
  • some Banks
  • Dropbox
  • LinkedIn
  • etc

I advise you to set up two-factor authentication for all your services and all your systems which require a login.
Some two-factor providers allow you to set it up for RDP connections, VPN connections, SSH access and webmail access.

I have come across a very nice one from a company called www.duosecurity.com. It is the nicest and neatest I have come across. It is relatively cheap, and so easy and quick to set up. Amazing!

If we don't take the initiative to protect ourselves, no one will, and guess what: once your system, data, PC, server or device is compromised, it is difficult to clean up. You might as well start all over, and it might be game over.

Some links on how to set up second-factor authentication for various services:

  • PayPal
  • Google
  • Hotmail
  • Dropbox
  • Facebook

We need to start campaigning across the Internet for every service provider to offer similar services. Security needs to come from manufacturers and service providers.

If you want a second-factor mechanism for your webmail, RDP, SSH, VPN or firewall, take a look at the duosecurity website. It is pretty nice.

I hope you make use of this info in a good way and protect yourself.

by Renato de Oliveira
