Identity fraud is one of the biggest threats to unwary web users today. It can come in a variety of forms but is often the result of an online account being hacked or details phished via social engineering.
I recently met Jason Hart, former ethical hacker and now managing director of secure authentication firm Cryptocard, who has been banging on for years about how password-based approaches to account authentication are no longer sufficient.
Now, of course, he would say that, given that Cryptocard's job is to sell alternative two-factor-based authentication technology, whether it's via key fob token generators, or passcode-generating software which can be installed on a smartphone.
However, the sheer number of security breaches which have occurred because password security systems have been cracked in the most basic and simple way backs up the two-factor message.
"Why should a [hacker] go to the effort of finding a vulnerability when he could target the password?" Hart toldV3.
"The problem has always been there but the reliance of social networks and cloud computing [sites] on passwords has been explosive. Password security is the only thing that impacts confidentiality, integrity, availability, accountability and auditability."