The spread of computer viruses, personal data breaches, malware attacks
accompanied by a ransom note, and more: the intrusion of unwanted "guests"
into our digital devices is an increasingly common phenomenon.
We are faced with a serious threat that puts our privacy and the protection
of our sensitive data at risk. In the worst case, the danger is the theft of
bank credentials, which can lead to irrecoverable losses of personal assets.
Given the growing use of digital devices for the most varied operations of
our daily lives, it is clear that becoming more aware of cybersecurity is a
necessity that spares no institution, no company and no citizen.
To get an idea of the extent of the problem, it is enough to cite some data.
According to the Clusit 2019 Report, 2018 was a black year for cyber
security. Across the world there was a dramatic increase in attacks.
The trend did not spare Italy, where serious attacks grew by 37.7% compared
to 2017. A correct approach to cyber security cannot be separated from a
knowledge of authentication methods.
In this article, we focus on the most current developments affecting this
essential aspect of cybersecurity services.
We look in particular at the current use of passwords and at the new
alternatives that, alongside modern and safe professional antivirus and
firewall solutions, are being implemented to keep cyber threats at bay and
safeguard user safety.
Summary:
· Passwords and authentication methods: how to protect yourself from data theft
· Authentication methods: basic features
· Authentication with password
· Password: errors to avoid
· Attacks on passwords
· Two-factor authentication
· Biometric recognition
· UAE Technician: specialists in computer security
Authentication methods: basic features
At the IT level, authentication is a function that, after verifying the
identity of a user, allows them to access a protected technical or
information resource and authorizes them to use the services associated
with it.
Behind this apparently simple definition lie technical aspects and essential
functions that make authentication a very complex process.
In choosing the best authentication method, it is necessary to keep in mind
a series of factors such as:
· The vulnerabilities of the various resources involved, such as computers,
smartphones and tablets, but also smart equipment that can now connect to
the Internet.
· The level of security. An authentication method must be able to withstand
attacks from outside and to cope with any negligence on the part of the
user who uses it.
· It is good to remember that not all users have the same ability to
interact with technological tools. In addition to guaranteeing security,
the authentication process must therefore be quick, intuitive, easy to
perform and, where possible, able to adapt to different platforms and user
needs.
Authentication with password
The first computer-based passwords date back to the 1960s. Although several
decades have passed, this authentication tool shows no sign of fading away.
Faced with the innumerable breaches of sensitive data that have occurred in
recent years, more and more users recognize that traditional passwords are
inadequate against growing cyber threats.
Yet, although new solutions continue to be announced, passwords remain the
most user-friendly authentication tool and the starting point for securing
our sensitive information.
Password: errors to avoid
Passwords must be chosen with extreme care. It is easy to imagine the damage
that a stolen password could cause on a personal level and, even more so,
within a professional setting.
A breach of administrative credentials can cause incalculable financial
damage as well as the theft of information and documents covered by company
or industrial secrecy.
One of the most common errors users make is creating passwords that are easy
to remember or, worse still, always using the same combination for all the
services they access.
There is no more serious lapse in information security.
In such situations, it is enough for a hacker to take possession of even a
single account of the unwary user to freely access all the other services
that person uses and extract the most confidential information.
Other similarly common forms of negligence by users are:
· Creating passwords that contain one's birth date or trivial text strings
such as "abcde" or "1234", that is, passwords that can be easily guessed.
· Disclosing authentication data to relatives, friends or colleagues.
· Inadequate protection of passwords, which are noted on loose sheets of
paper or kept in clear text in files such as Word or Excel documents.
These errors are compounded by the trap of phishing, a real scam carried out
through digital communication, in which an attacker pretends to be a
reliable entity and tries to deceive the chosen victim into providing access
codes, financial data or personal information. It is a trap into which many
users continue to fall, despite frequent awareness campaigns about it.
Attacks on passwords
Regardless of the care a user takes in protecting their login credentials,
there are other types of attack that an attacker can use to steal a
password.
At the local system level, one of the most common techniques is the
so-called brute force attack. This type of attack is particularly widespread
in the theft of login credentials on sites and blogs, and is based on a
rather simple logic.
Using bot software, the attacker tries to log in by bombarding the server
with alphanumeric password combinations until the right string is found.
Another common technique is the dictionary attack, which aims to find the
password by searching through huge lists of stored words.
The success of this type of attack usually depends on the computing power
available and therefore also on the cost of the computer.
Today this obstacle can be circumvented by resorting to cloud computing
solutions, which make available computing power that was previously within
reach only of companies and organizations with substantial funding.
A good rule of thumb against the types of attack described so far is to
create longer and more complex passwords, so that they are difficult to
identify. Generally, a password of 12 to 16 characters can be considered
sufficient.
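
The checks below turn the errors listed under "Password: errors to avoid" and the length rule above into a small audit, as an added example that is not part of the original article. The function names, the sample passwords and birth date, and the rate of one billion guesses per second are assumptions made for illustration.

```python
import re
from datetime import date

SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")
POOLS = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^a-zA-Z\d]", 33))
SECONDS_PER_YEAR = 3600 * 24 * 365


def has_trivial_run(password: str, run: int = 4) -> bool:
    """True if the password contains a run such as 'abcd' or '1234'."""
    low = password.lower()
    return any(seq[i:i + run] in low
               for seq in SEQUENCES for i in range(len(seq) - run + 1))


def contains_birth_date(password: str, born: date) -> bool:
    """True if a common rendering of the birth date appears in the digits."""
    digits = re.sub(r"\D", "", password)
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", str(born.year)
    forms = (d + m + y, m + d + y, y + m + d, d + m + y[2:], y)
    return any(form in digits for form in forms)


def brute_force_years(password: str, guesses_per_second: float) -> float:
    """Years needed to try every string of this length over the used alphabet."""
    pool = sum(size for pattern, size in POOLS if re.search(pattern, password))
    return pool ** len(password) / guesses_per_second / SECONDS_PER_YEAR


def audit(password: str, born: date, wordlist=(), min_length: int = 12) -> list:
    """Return which of the errors described in the article the password makes."""
    findings = []
    if len(password) < min_length:
        findings.append("too short")
    if has_trivial_run(password):
        findings.append("trivial sequence")
    if contains_birth_date(password, born):
        findings.append("birth date")
    if password.lower() in wordlist:
        findings.append("dictionary word")
    return findings


if __name__ == "__main__":
    born = date(1985, 3, 12)                      # constructed sample data
    for pw in ("anna1234", "Marco12031985!", "Tr4ve!-kqzLp"):
        years = brute_force_years(pw, guesses_per_second=1e9)  # assumed rate
        print(f"{pw!r}: {audit(pw, born) or 'ok'}, ~{years:.3g} years")
```

The estimate covers exhaustive search only: a password found by the dictionary or birth-date check falls far sooner than its length suggests.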
The case is different when the attack comes from malware installed on the
user's device and equipped with a keylogger, that is, software that can
monitor the text typed on the keyboard.
To deal effectively with this type of attack, it is advisable to keep
antivirus and antimalware software up to date and to improve the security
level of your network with valid firewall solutions.
Two-factor authentication
To increase the level of security and ensure correct protection of access
credentials, more and more online services currently recommend activating
two-factor authentication. Also called "two-step verification", "two-step
authentication" or "2FA" (from the English "Two Factor Authentication"),
this authentication method, as the name suggests, is an access procedure
that takes place in two steps.
First, the usual credentials are required, that is, a "username" accompanied
by the respective password.
In the second step, you are asked to enter a further code that can be used
only once, which is generated and sent to the user a few seconds after the
first step is completed.
The second code can be delivered to the user through various means,
including, for example:
· An SMS
· An e-mail
· A voice call
· A code generator app
· A token, that is, a device capable of generating secret codes.
Once the code has been received, the user only has to enter it in the
appropriate field and confirm in order to complete the login.
Two-step authentication is, for example, widely used in home banking, where
it is generally supported by the use of tokens. It should be noted that,
with the passage of time and the widespread adoption of smartphones and
tablets, physical tokens are gradually falling into disuse.
They are being replaced by special apps that generate and transmit
authentication data in a protected way, performing a function similar to
physical tokens, albeit in digital form.
While it does not definitively rule out the theft of credentials, two-step
authentication undeniably reduces its chances significantly, and it is
currently one of the safest authentication methods.
Biometric recognition
In recent years, technological developments have made biometric recognition
possible: an authentication technique that identifies a user by some of
their physiological or behavioral characteristics, such as a face scan, an
iris scan, a fingerprint, a voiceprint, typing style on the keyboard and
body movements.
The technique is based on hardware systems for data acquisition combined
with software components that, through mathematical algorithms, reconstruct
the identity of a subject and recognize it.
Biometric recognition is certainly a convenient and immediate authentication
method.
However, several problems still limit its large-scale adoption. Among the
main obstacles, in the case of remote access for example, Web service
providers do not use this method both because of the difficulty of
collecting biometric data and because of the critical issues that arise in
the storage phase.
For local access, however, biometric authentication is already widely used.
Just think of its use as an access method on smartphones. In this particular
context, biometric authentication proves very effective, not only because it
is practical but also because the theft of biometric data at the local level
is almost impossible for any attacker who illegally takes possession of the
device.
However, it should be remembered that even when biometric authentication is
used on smartphones, a password remains in place alongside it to protect the
user in the event of improper use of the authentication method.
Despite the interesting prospects opening up on the technology front, it can
be said that, as things stand, there is still no authentication method
capable of totally and definitively replacing the password.
We therefore look forward to future developments, remembering that
cybersecurity is a priority area of action for any company or institution
that really wants to safeguard its security.
UAE Technician: specialists in computer security
UAE Technician is a company specialized in the sale and rental of latest
generation IT solutions.
Our catalog offers a wide range of products and services, ranging from
multifunction printers to SAN and NAS storage systems.
Among our products you can also find cutting-edge solutions such as
professional antivirus or firewall, essential tools to protect your digital
devices and your network from dangerous computer breaches.