Tag Archive for: improve

Expert: ‘Drop passwords altogether’ to improve online security


LONDON: The public and businesses need to “drop passwords altogether” and move to other technology to protect personal information from hackers, a top cybersecurity expert has said.

Marking World Password Day on May 5, Grahame Williams, identity and access management director at defence firm Thales, said passwords were “becoming increasingly insecure” and “easily hacked”.

He called on the industry to move to other forms of log-in such as multi-factor authentication (MFA) – where users must provide an additional layer of identification to log in – or biometrics such as face or fingerprint scans to improve the general safety of personal data.

Williams said a key issue was the widespread use of simple and easy-to-guess passwords.

Data shows that common and obvious phrases such as “password” and “qwerty” – in reference to the common computer keyboard layout – are often among the most used passwords globally.

“Research has come out in the last few days showing the number of CEOs who are still using ‘12356’ as their password is actually quite comical – the assumption is that we’ve moved away from that but actually the data really isn’t supporting that,” he told the PA news agency.

“We know that people are using these ridiculously easy passwords, but the most alarming fact is that they’re not actually just using them for one thing, they use that password over and over again.

“So if somebody gets access to one of your passwords they get access to your crown jewels.

“With everyone working from home, with Covid and people going online for the consumption of everything, the threat landscape is getting worse and worse, and there are some seriously unscrupulous people out there.

“So it really is in everyone’s interest to take it seriously and make sure that we put as many hurdles up as we can.”

Experts advise people who are creating a password to use a collection of three unique, random words and not to reuse them across multiple accounts.

But Williams said where possible, platforms should introduce other ways for people to log in and users should strive to use them.


New Methods Could Improve Security Of Two-Factor Authentication Systems



When utilized as second-factor authentication, push notifications work as an additional layer of security to protect users’ online accounts from attackers.



As an extra layer of security, several online services have adopted push notification-based two-factor authentication systems, whereby users must approve login attempts through a mobile device. In current authentication systems, especially the “tap to approve” approach, there is no explicit link that indicates correspondence between the user’s browser session and the notification they receive on their device. This vulnerability can be exploited by an attacker.

To address this issue, a team of researchers that includes Nitesh Saxena, professor in the Department of Computer Science and Engineering at Texas A&M University, has designed new, easy-to-use methods to counter the vulnerabilities in push notification-based two-factor authentication systems.

“The mechanisms we designed have a similar usability to the original push notification-based authentication method, but they improve security against concurrent login attacks,” said Saxena. “If a user receives two notifications, the notification that corresponds to the browser’s session of the attacker will differ. Therefore, the user should be able to detect that something is amiss and not accept the wrong notification.”

The team’s paper describing the research was published in the proceedings from the 2021 Institute of Electrical and Electronics Engineers’ European Symposium on Security and Privacy (EuroS&P), one of the premier venues for cutting-edge cybersecurity research.

Push notifications are clickable pop-up messages sent directly to a user’s mobile or desktop device via an installed application. They can appear at any time and show various things such as the weather, breaking news, missed calls or text messages, reminders, etc.

They can also be utilized as second-factor authentication (or password-less authentication), which works as an additional layer of security to protect users’ online accounts from attackers. With push notification authentication, a push notification is sent directly to a mobile device —…


Google warns users to improve your password NOW


GOOGLE users need to double-check their passwords in the face of phishing schemes, data grabs and other attempts to steal personal information via Gmail, Google Drive and Google Chrome activity.

Because Google accounts act as a centralized hub for many users, they can be a valuable mine of data for hackers, especially when it comes to Gmail accounts that are tied to other websites.

Google users need to change their passwords to avoid these seven ways hackers target your account


Hackers can exploit a Google account through various avenues to obtain personal information, so users need to be wary of the many openings for

“It’s risky to use the same password on multiple sites,” Google advises on its security page.

“If your password for one site is hacked, it could be used to get into your accounts for multiple sites,” the tech company explains.

The Sun has contacted Google for comment on password security.

The following means of stealing information pose an especially severe threat and make it crucial for Google users to renew their passwords on a regular basis.

Public WiFi

The very same factors that make public WiFi so easily accessible also open it up to the most risk on phones and other devices.

Because there are so many avenues for hackers to take advantage of WiFi, it’s important for consumers to be vigilant of multiple security shortcomings to keep their personal information safe.

One scheme operates by making replicas of popular websites, and presenting that page when someone tries to log on to the legitimate site on public WiFi. 

Unencrypted networks also open the door to a practice called “packet sniffing,” which allows hackers to acquire information that they analyze later.

This makes it possible for hackers to steal your password over a basic WiFi connection.

Phishing Attempts

Phishing emails look legitimate, so the untrained eye doesn’t hesitate to click a link, open a document or respond with information.

But researchers at Google discovered more than two million phishing websites last year – an increase of 25 percent compared to 2019.

Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick the victim into…


Students learning to hack, improve security of hospital medical devices


AUGUSTA, Ga. (WJBF) – The push to protect your personal health information is front and center at the Georgia Cyber Center this week.

Students are learning how to hack into medical devices and uncover weak spots in a hospital’s cyber security.

“They’re really focused on blocking and tackling right now. How do you secure these medical devices that are all now connected to the internet? Augusta University has taken on to lead a medical device security initiative,” executive director of the Georgia Cyber Center, Eric Toler said.

In the past, medical devices could only be accessed physically, but now they communicate over wireless networks.

“And that adds to the vulnerabilities that are in those devices, so we’re looking at ways to help make those devices more secure,” head of the Cyber Program of Study, Dr. Michael Nowatkowski said.

Dr. Nowatkowski is teaching his students to be on the cutting edge of medical device security.

“As we’re making these devices more and more network enabled, the importance for people who know how to communicate and make these devices more secure is becoming more important,” Dr. Nowatkowski said.

Students are uncovering weaknesses in infusion pumps that administer medicine, glucose monitors, CPAP devices, implanted pacemakers, and X-ray machines.

“We wouldn’t want someone hacking into those devices and changing their behavior, which may administer too much medicine to you or not enough, or may do other actions that would cause the patient harm,” Dr. Nowatkowski said.

And they’re testing the security of hospital patient records.

“You wouldn’t want your medical history or your medical conditions broadcast out for everyone to be able to see,” Dr. Nowatkowski said.

This week, Dr. Nowatkowski is lecturing on medical device security at the Georgia Cyber Center’s inaugural Critical Infrastructure Cyber Security conference. He’s discussing how these devices could be used to launch ransomware or to breach patient data.

The conference wraps up Wednesday.

