Are Password Failures At The Forefront Of Data Privacy And

Security As the battle between good and evil wages forth bills like SOPA and PIPA along with government regulations seem to be big news. Also on the frontier of data privacy and protection we are seeing hacktivism through malicious attacks exposing confidential information. At the forefront of this mess it is not hard to see that password failures along with an overall lack of security knowledge are what got us here. Government Regulatory Compliance and Bills With data breaches becoming more common, information technology security is starting to be seen as a necessity. Government regulatory compliance such as HIPAA, FFIEC and PCI DSS is already focusing on protection of confidential financial and healthcare data which is being transmitted or accessed through a network. In these cases strong authentication is required to identify a user requesting access to confidential networks. Recently legislation has been trying to move more to data protection matters as well. SOPA and PIPA, 2 government bills which would allow the federal government to police the internet, were shot down by the public recently. The bills would make it possible for the FBI to shut down websites which may be dealing in pirated data. However there is a gray area that exists between what is and what is not personal data or information. That is why many websites, including Google and Wikipedia, protested the bill in order to protect freedom of speech. Hactivist groups also took a stand against the new legistlation with a series of DDOS attacks and possibly data breaches for later attacks. Hacktivist Groups Leading the data breach headlines are groups like Anonymous who participate in hacktivism to take a stand. In recent news Anonymous has claimed responsibility for shutting down the FBI and Department of Justice websites in protest to SOPA and PIPA. In the past year Anonymous and other hactivist groups like Lulz Security have been responsible for shutting down websites through DDOS attacks but more importantly for data breaches which have a longer lasting effect. Data breaches like the Stratfor hack lead by Anonymous have leaked confidential intelligence and personal data. Coordinated with Lulz Sec, Anonymous also breached private data of over 77 million Sony Playstation Network accounts. Many of these attacks spawn from the lack of strong passwords and network security. Passwords and Authentication It is clear to see that data is where the power lies in the future, government wages war against hackers who are not only fighting for privacy but are the same ones leaking it confidential data. It would seem that everyone believes creating stronger passwords will prevent future data breaches however the problem lies in accountability as well. Passwords are too easy to forget, lose, crack, hack and just do not work. That is why password failure is at the forefront of data privacy and protection. All of this along with the fact that our personal passwords are being leaked through data breaches leads to the reality that passwords, no matter how strong, are old news and not considered secure anymore. Through strong authentication however, everyone can forget their passwords, relying on the added layer of protection along with notifications to fight accountability. Two-Factor Authentication is Strong Authentication In order to protect against password failure we have to get rid of passwords all together. How can we do that though? Two-factor authentication through an out-of-band one-time password allows users to use almost any password because the authentication process relies on something you have to identify a user. An OTP is sent to a separate network than the original point of access, usually through SMS text message since the network is out-of-band, cost effective and efficient. By utilizing a mobile phone you also gain notification whenever someone requests access to the account. The new frontier of data privacy and protection relies on authenticated access for remote users. Not only does this prevent from data breach but it allows users to leave passwords behind. Placing accountability back into the hands of security. About the Author: 相关的主题文章: