Page 61 - CDM-Cyber-Warnings-March-2014
GROWING INDUSTRY WITH CHANGE OF HEART

Authentication is the act of confirming the veracity or credentials of an entity, and it is a critical component of eBusiness. In an online world where privacy and security are paramount, authentication technology has to be complex, individual and virtually flawless.

Online security and authentication is growing as an industry, and it is no longer a product-focused industry. According to researchers such as Gartner, SaaS (Security as a Service) is expected to grow exponentially, with many companies emerging. IDG News reports that cloud services have a bright future: Gartner valued the industry in 2013 at 2,1 billion USD and expects growth to 3,1 billion USD by 2015. But this billion-dollar industry is still based on one humble idea: only the right user should be able to access that user's information.

As with most things in life, the simplest ideas and problems are made complex by us humans. Internet security and authentication is no different, and on top of being complex, it's old.

The World Wide Web just turned 25 years old on March 12th, and password security is just as old online (and much older in real life). Passwords do offer a minor level of security, and 20 years ago they were a good alternative. But times have changed, and with only one update worth mentioning to solve the problem (the launch of the hardware token 19 years ago, in 1995), the main way to authenticate and secure a user is still the password.

So why are more online services not using tokens? Probably for several reasons: cost (no one would invest 100M to mitigate a security flaw with on-going costs of only 20 million), logistics (if you don't know who your user is, you can't send them a token), administration (you need to teach users how to use the new technology) and user experience (not flexible or intuitive).

Then why can't we just use passwords? First of all, they have limitations in dealing with technology threats such as Man-in-the-Middle etc., but their largest problem is human behaviour. People don't do as they are taught, and when people reuse usernames and passwords it is an open door to their online identity. Using the same password on several sites can cause problems: not every site will be held to the same level of security, and if the passwords get leaked they can be used on the sites with a higher level.
       
       
     





