You need authentication



I am constantly amazed at the lassez faire attitude that the majority of businesses, large and small, have about their online security. 

Those that require their users / members to log on will provide a user name and password log in to verify their identity – and that’s it. 

I suppose that if the large players like Amazon and iTunes can get away with it then the smaller guys think that’s all they need to.
The reality is that if the big boys get a hit – they have the firepower to deal with it.  But SME’s just need one bad hack and they are out of business.   

2011 is going down as the year of the ‘Hack’ http://www.infosecurity-magazine.com/view/22481/year-of-the-hack-/?utm_source=twitterfeed&utm_medium=twitter) with many high profile victims like SONY, RSA and Epsilon losing millions of their users personal information.    Despite this there seems to be the attitude that ‘ it cant happen to me’ .    I have just read about the latest phishing scam targeting Amazon users ( http://bit.ly/tXBENH ) – warning you that your account is about to expire and that you need to re-register.  In the process handing over your precious information and opening up your Amazon account to the hacker.    There is also one going around for PayPal and Apple at the moment.   Yet they persist with user name and password.   Incredible. 

 I suspect there is a bit of the “ it wont happen to me “  but also I believe that most SME owners think that they just can’t afford a proper solution because the image created by the industry is that you have to be a big corporate to have ‘proper’ security.   It clearly is not true.    There are more and more solutions now targeting the ‘low’ end of the market.    While some are  ‘samey’ to the big guys there are one or two which are really quite unique.   What should you look for in such a solution ?

It needs to be easy to get.   You shouldn’t have to call someone – have someone visit you – do some kind of an IT project.  It should be a SAAS service available on line and easy to integrate.

It needs to be easy to use.   Your users should not have to get some ‘thing’  - be it a token ( physical or otherwise ),  a dongle,  a  card reader, a USB key or even a cookie or some kind of software download.   Ideally your users should rely on something they already have like their smart-phone or their laptops as part of the solution.  

It should not cost a lot.  Ideally some kind of ‘Pay as you Go’ solution which means that you don’t incur any unnecessary expenditure upfront in getting the product in place. 

If you are going for something that is more complicated than that then you are making your life difficult.  Check out http://www.liveensure.com

Comments

Post a Comment

Popular posts from this blog

The End of Passwords

Finally it seems … the penny has dropped.   Passwords are a poor substitute for real online security.   There is more and more ‘chatter’ about it.    Robin Henry writing in the Sunday Times on New Years Day talks of the end of ‘password hell’ invoking solutions in the pipeline from the Web Gods – Apple and Google.  The talk is of new biometric solutions such as facial and hand movement recognition.  Even IBM is talking this way.  ( http://www.forbes.com/sites/thestreet/2011/12/20/ibms-tech-predictions-for-the-next-5-years/ )  I agree with the notion that passwords are a dying breed but not that biometrics will become vogue.   They are fraught with problems of their own such as reliability, accuracy and the need for referencing of data-bases ( fail !) .    Why are passwords defunct?   Basically they are difficult to remember and they are easy to steal.    The solutions needed are those that require no cognitive load for the user ( the most unreliable participant in this enterprise
Read more

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple.   If the US is so worried about this incident su
Read more

SPOOKS - CYBER ATTACK

Well I’ll be damned – if the subject of my last blog wasn’t the central theme to last nights episode of Spooks – CYBERWAR.    (To those who live outside the UK – Spooks is a very popular TV series about the goings on of a key team inside MI5 who spend their time thwarting terrorist attacks on the UK – while engaging in risqué amorous trysts on the side ).   And so last night we had the Russians and the Chinese –(working together !!) – ganging up on MI5 by infiltrating ( hacking ) their ‘secure’ internal network.     Whether the events portrayed were within the bounds of possibility or credibility who knows?     But if teenagers can break into the Pentagon – then I am sure that Russian/Chinese expert hackers can probably do something along the lines of infiltrating a UK Govt ‘Spooks’ departments network.      Either way it constituted an attack on British soil by foreign ‘combatants’ – which ( if it were true ) would have been a first since the Normans in 1066.   So we saw how vulner
Read more