Data Security
Ever more frequent consumer security
breaches highlight how inadequate
passwords have become as a means of
protecting data and accounts.
The problem is not just the large
number of online accounts people
use and the advice to have a unique
password for each one. As Martijn
Verbree, partner in KPMG’s cyber
security practice, points out, even if
you do use a unique password for
each service, simply having your email
account hacked could leave many other
accounts vulnerable.
“When an email account is
breached, it opens up access to other
non-linked accounts that often use
emails to validate password reset
requests. Irrespective of using same/different
passwords, in this situation, the
compromise is wider than just the one
primary account,” he said.
Yet passwords are still often the
only line of defence. According to the
latest Gemalto Authentication and
Identity Management Index report, only
30% of UK businesses use two-factor
authentication, combining something
someone knows (e.g. a password) with
something they have (e.g. a smart card).
Verbree added: “It is clear passwords
are the weakest link and more needs to
be done by businesses to enable other
forms of authentication to prevent cyber
breaches. We all need to move towards
a more sophisticated approach to
authenticating people, which blends the
use of a two-step validation, behavioural
analysis and contextual information,
rather than relying on knowledge of
a single increasingly user-unfriendly
password.”
Extra security
Although still in a minority, more
businesses are using alternatives to
the traditional password or additional
methods of authentication to use
alongside a password in a two-step
verification process. For example, when
signing into your Google account you
can now receive a text message with a
code to confirm your identity.
Facebook recently upgraded login
security for its 1.79 billion users by
integrating the unphishable FIDO U2F
(universal second factor authentication)
Security Key into its social platform.
Users can now protect accounts with a
physical Security Key like the YubiKey by
Yubico.
Yubico and Google co-created the
open authentication standard U2F with
the aim of delivering easy-to-use, strong
public key cryptography on an internet
scale. The YubiKey plugs into a USB port
or connects with a mobile device via
NFC, enabling the user to authenticate
with a simple tap. It can be used to
access a number of online services (e.g.
Gmail, Dropbox and UK government
services) and prevents unauthorised
access to accounts.
Another physical security key, the
blukii SmartKey, provides two-factor
authentication automatically via
Bluetooth. The key pairs with your
mobile device and can be integrated into
a key fob, pocket pen, clip or badge.
blukii also has a notebook protector,
which uses a Smart USB Dongle to
lock access to your laptop when you
are away and unlock it when you
return. If someone tries to get access
to the laptop, an alarm sounds and an
email with images of your computer’s
surroundings is sent to a predetermined
address.
Biometrics and behaviour
Biometric authentication is also
becoming more common as an extra line
of defence. Fingerprint readers and iris
scanners are available in smartphones
The end of the password?
Tayla Ansell looks at some alternatives to passwords for data security
Decision-makers should pay close attention to the vendor service level agreement (SLA) and support, ask about outage levels and discuss vendor availability
continued....
blukii Smart USB Dongle