Ever since Yahoo revealed that over 500 million accounts were hacked over the past year, the media sites have been brimming with news. With some criticising Yahoo's security policies and others warning users to keep an eye on the common security measures, it is apparent that some critical lessons that ought to be learnt aren't being given closer consideration. Many media sites are focusing on the negatives at the expense of critical lessons that are essential to businesses and consumers alike. So which are some of these lessons?
It's more about data than money
With the advance of the information era, criminal trends are shifting from stealing money to stealing private data. Apparently, most hackers are concerned with big data drawn from people's private lives. What does that mean to the average consumer? Enhancing the security of your computer system is a key priority. You should always be on the alert when it comes to protecting finer personal information.
Unfortunately, not so many people are concerned when they get wind that hackers gained access to information like their names, email addresses, and dates of birth. For the average person, it might be quite challenging to understand why a proficient hacker would risk everything just to obtain such 'basic' information. What no one tells them is that such hacks form the basis of serious crimes like identity theft. Trim Earline, one of the ardent security experts, further explains that gaining access to people's private information plays a greater role in the increase in phishing campaigns.
There is a rising concern about state actors carrying out some of the greatest hacks, leading to breaches of consumers' privacy. Jonathan Sander, a key player at Lieberman Software, believes that a state actor had a significant role in the recent Yahoo security breach. For the common citizen, it might be confusing, if not unbelievable. Why would a government want access to private information about the same citizens it is supposed to protect? One possible argument is that the government needs people's personal information in order to be in a better position to discern which foreign government employees are not careless with critical information. With such information, the government can also come up with policies in order to drive citizens in a certain direction 'without their knowledge'. There are many other possible aims why state actors might take part in such a security crisis.
No More Challenge Questions for Authentication
Following the recent scandal, Yahoo categorically stated that it invalidated the possibility of unencrypted, straight-answer security questions being used to access people's private accounts. In addition, it stressed the need for changing the questions and answers used for different accounts across other platforms. At the outset, it seems a perfect idea. Pressing further, however, you realise the matter at hand goes deeper than this. Does it mean you will be resetting your mother's middle name? Will you have to change the colour of your first car? There is only one place you went for your first date, and there's almost nothing you can do to change that. How then does Yahoo recommend changing the answers to such questions for security reasons?
The underlying truth is that challenge questions such as these aren't the best form of authentication. Their very nature doesn't allow for adequate privacy, because anyone can have an answer to some of these personal questions. Hopefully, the Yahoo security scandal will serve as a good lesson to those firms which still use such questions for authentication. A recent study shows that most consumers believe the biggest security threats are unencrypted challenge questions. According to the Chief Scientist at Securonix, this form of authentication is limiting to a certain extent. Constantly changing such authentications in case of a security breach is possible, but wait: for how long will you be able to change the name of your favourite pet? How many best dishes can you possibly have? At the end of the day, one realises that challenge questions come with myriad limitations when used for authentication.
Go Beyond the Obvious
In its announcement, Yahoo explained that the affected accounts were the ones bearing hashed passwords. What does hashed mean to an average person? Even more, Yahoo did not bother going into depth to explain how hashed passwords bore security loopholes. Adept remote DBA experts believe that by saying this, the Yahoo team was simply shifting the blame or risk to the users, who might not have had an idea of the effects of hashing using bcrypt.
For a company like Ashley Madison, which used salted hashes that are believed to be better, there was still a security breach using other forceful password-cracking methods. For companies, this means you have to take your security measures beyond the news. A simple security breach of one type should inspire you to radicalise other forms of beefing up security. You should have different strategies to deal with brute-force cracking of passwords in case of a security breach.
Something that not so many people appreciate is that combating such security breaches goes beyond passwords. Other security measures limiting the number of wrong login attempts should be in place. In addition, the system should be able to detect any login attempts from automated systems. Most importantly, comparing login data against commonly stolen passwords is also a necessity in combating brute-force cracking of passwords. Nevertheless, it is worth understanding that prevention of such attacks isn't an easy thing. Consumers should therefore be keen on responding promptly to security alerts whenever called upon.
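The three controls just listed (locking an account after repeated wrong attempts, throttling a source that sprays attempts across many accounts, and refusing passwords that appear in stolen-password lists), together with the salted slow hashing discussed above, as an added Python example that is not code from the original post or from Yahoo. The `LoginGuard` class, its thresholds, the tiny password list, and the use of the stdlib `pbkdf2_hmac` as a stand-in for bcrypt are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample of commonly stolen passwords; a real deployment would
# check against a breach corpus instead of this toy set.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "yahoo123", "letmein"}
MAX_FAILURES = 5          # wrong attempts before an account is locked
LOCKOUT_SECONDS = 900     # window during which failures count
SOURCE_RATE_LIMIT = 20    # attempts per source (any accounts) per window


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted slow hash; stdlib pbkdf2_hmac stands in for bcrypt here."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    """Hypothetical login front door combining the controls from the text."""

    def __init__(self):
        self.users = {}                       # username -> (salt, digest)
        self.failures = defaultdict(list)     # username -> failure timestamps
        self.source_hits = defaultdict(list)  # source -> attempt timestamps

    def register(self, username: str, password: str) -> str:
        if password.lower() in COMMON_PASSWORDS:
            return "rejected-common-password"
        self.users[username] = hash_password(password)
        return "ok"

    def login(self, username: str, password: str, source: str, now: float) -> str:
        hits = [t for t in self.source_hits[source] if now - t < LOCKOUT_SECONDS]
        hits.append(now)
        self.source_hits[source] = hits
        if len(hits) > SOURCE_RATE_LIMIT:   # many accounts from one source: automated
            return "throttled-source"
        fails = [t for t in self.failures[username] if now - t < LOCKOUT_SECONDS]
        self.failures[username] = fails
        if len(fails) >= MAX_FAILURES:
            return "locked"
        rec = self.users.get(username)
        if rec is None:
            hash_password(password)        # same cost for unknown users (no timing leak)
            ok = False
        else:
            salt, digest = rec
            ok = hmac.compare_digest(hash_password(password, salt)[1], digest)
        if not ok:
            self.failures[username].append(now)
            return "denied"
        self.failures[username].clear()
        return "ok"
```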
Ideally, with over half a billion accounts hacked within a span of one year, there is more to worry about than merely changing passwords. It goes far beyond dropping the habit of using one password across multiple platforms. Unless consumers and businesses are willing to set their eyes on the more important lessons, the world might just be preparing itself for the next big security scandal, one that may make the Yahoo security breach look like child's play!
Guest Post By: Sujain Thomas is an experienced analytical data expert with a major interest in big data. Besides thriving as one of the most successful remote DBA experts, she has also written many articles on big data. For any questions, feel free to visit her website.