TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

    November 7, 2022

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

      November 7, 2022

      Devialet brings its sci-fi design aesthetics to a $790 portable speaker

      November 7, 2022

      Elon Musk’s response to fake verified Elon Twitter accounts: a new permanent ban policy for impersonation

      November 7, 2022

      The iPhone 14 Pro and Pro Max will come with ‘longer wait times’ due to factory lockdown

      November 6, 2022

      Meta’s reportedly planning to lay off ‘thousands’ of workers this week

      November 6, 2022
    • Business
    • Cyber Security
      National Security News

      List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

      September 24, 2022

      Cybersecurity ranked most serious enterprise risk in 2022

      August 31, 2022

      Registration open for CISA virtual summit on K-12 school safety

      August 31, 2022

      What do the Trickbot leaks reveal about Russian cybercrime?

      August 31, 2022

      What cybersecurity measures do CISOs outsource?

      August 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Password Practices Still Poor, Google Says
    Cyber Security

    Password Practices Still Poor, Google Says

    February 5, 2019Updated:February 5, 2019No Comments6 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    The Problems With Passwords and MFA on Safer Internet Day

    To mark International Safer Internet Day (Feb. 5), Google commissioned Harris Poll to survey 3,000 American adults to understand attitudes and behaviors around online security. As expected, there is much room for improvement — and the usual gap between perception and reality is clear.

    Passwords are the big pain point. While 53% of respondents understand the value of including letters, numbers and symbols in their passwords, only 39% do so — and only 23% believe that password length is important. Seven percent have never changed the password of their most used account, and only 23% use a password manager.

    One of the problems is clearly educational. Only 32% of respondents could correctly define phishing, password manager, and 2FA — and 19% were unable to define any of these terms.

    In response to the survey, Google has published its five Official Security Tips. These will have greater resonance for Chrome browser users. They comprise: keep software up-to-date; use unique passwords; take the Google security checkup; set up a recovery phone number or email address; and use 2FA.

    One difficulty for users is that advice on unique passwords and 2FA is not universally consistent. In the UK, the NCSC’s official guidance on passwords includes a section, ‘Help users cope with password overload’, which suggests that companies should ‘only implement passwords when they are really needed.’ 

    Many websites require that you establish an account with a password before you can access the services. If establishing that account does not take any more information than the user allows and is comfortable with, and the service doesn’t store any personal data, then why does the account need to be protected by a strong, unique password? Provided that the user uses a strong unique password for any ‘important’ account, the rest matters less.

    Multi-factor authentication provides an even bigger friction pain point than passwords without always providing any more security. Fausto Oliveira, principal security architect at Acceptto explains, “When users have to consult their Time-based One-time Password algorithm (TOTP) every single time they try to open a website, the temptation is to have the authenticator reside in the same device that is used to access the website. When that happens, the attacker only needs to take control of one device in order to gain access. The user is simply trying to minimize friction, have a better user experience, and is often unaware of the risk.”

    Of course, if a tablet and a phone are carried in the same bag, a street attacker will get access to both devices simultaneously.

    “On the other hand,” continued Oliveira, “if the authenticator is stored on a different device — as it should — the user has to authenticate to that device, open the authenticator and then type the new TOTP code. Unfortunately, doing this routine throughout the day causes a break in productivity and concentration. And a high effort attacker can find ways to defeat the TOTP by hijacking the browser, DNS entries and other similar techniques. Causing this much friction, the authenticator discourages the user which leads to unsecure habits.”

    It’s worse for those users — there are some still — who don’t have a mobile phone or live in a rural area mobile phone dead zone. As a result, users tend to ignore MFA unless it is required by the service — and some services offer it without requiring it. There is an argument that this is a service issue rather than a user issue: services rather than users should decide whether MFA is required. Banks almost universally require MFA; Google offers it but does not require it.

    If MFA is treated purely as a service responsibility, then it would be up to those requiring it to reduce the friction. They are doing so by shifting the second factor (and more) towards behavioral authentication, which can often be taken without friction from the user’s mobile phone. 

    Given the problems and difficulties with MFA — which is not universally offered — we come back to password and password strength. Here the modern user has little excuse given the password storage capabilities of modern browsers. Google’s own Chrome browser, for example, can generate strong unique passwords, store them safely, and insert them automatically at log-on to a site. Users can have as many strong unique passwords as is necessary without having to remember any of them, and without having to rely on a third-party password manager.

    Google’s Emily Schechter, product manager for Chrome Security at Google, describes her work as improving both the security and usability of the browser. She told SecurityWeek that using Chrome to manage internet passwords is completely safe. While it is true that an attacker with access to a device could also access the passwords stored by Chrome, it is already game over if the attacker has the device.

    To further protect the integrity of passwords, Google is also introducing a new Chrome extension called Password Checkup. This extension informs users whenever they use a logon password that is known to have been hijacked. The user can then change the password. In cases where the password was neither generated by nor stored within Chrome, no information is sent to Google.

    In reality, while the jury is still out over the value of some forms of MFA, there is little excuse for the poor password practices detected by the Google/Harris poll.

    Related: Acceptto Emerges from Stealth with Behavioral Biometric Authentication  

    Related: Why User Names and Passwords Are Not Enough 

    Related: Google Helps G Suite Admins Enforce Strong Passwords 

    Related: The Enduring Password Conundrum 

    Related: Spring 2018 Password Attacks 

    Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

    Previous Columns by Kevin Townsend:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    National Security News

    List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

    September 24, 2022 Cyber Security

    Cybersecurity ranked most serious enterprise risk in 2022

    August 31, 2022 Cyber Security

    Registration open for CISA virtual summit on K-12 school safety

    August 31, 2022 Cyber Security

    What do the Trickbot leaks reveal about Russian cybercrime?

    August 31, 2022 Cyber Security

    What cybersecurity measures do CISOs outsource?

    August 30, 2022 Cyber Security

    SIA announces Women in Security Forum scholarship recipients

    August 30, 2022 Cyber Security
    Editors Picks

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022

    Google Cloud Says Running Validator on Solana Blockchain

    November 7, 2022

    European stocks rise as investors boosted by China speculation

    November 7, 2022
    Trending Now

    Evergrande creditors sell ‘Versailles mansion’ plot in Hong Kong

    By techbizweb

    OpenSea Creates Tool for NFT Creators to Enforce Royalties On-Chain

    By techbizweb

    FTSE chairs warn of declining relations with institutional investors

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2023 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.