One-time Passwords - Tight Security for Sensitive Data and Responsible Users
Online security is an issue for every business on the Web, and this is doubly true for Web hosters. Passwords have become the common coin for authenticating users, but they have some serious weaknesses. What can a concerned company do? One-time passwords (OTP) offer an alternative.
With the advance of technology, hackers' attacks become more and more difficult to prevent, and the damage they can do is considerable. It has often been said that the main reason for most security breaches is not that hackers are so clever, but that security technology lags so far behind or is so improperly implemented that it does not require special skills to break.
One of the cornerstones of today's security is the password. It is not news that, while passwords still pose at least a minor obstacle for hackers, they are not something one can rely on to protect sensitive data. Why? The long list of reasons includes:
- Passwords can be guessed (this applies not only to weak passwords that can be discovered using a simple dictionary attack; often, passwords used include the user's name, their nickname, their spouse's name, and so forth).
- Passwords can be stolen (network sniffers or a simple keylogger can capture even the most difficult-to-guess password).
- A password can be learned in a legitimate way and re-used by an abuser (even encrypted passwords are vulnerable when stored locally -- not to mention the security risks associated with storing them in plain text).
It is still true that the majority of users are not aware of the risks associated with using passwords for accessing sensitive data. Very often users write their “secret” passwords on a post-it note which they then stick on their monitor, or tell them to their friends and colleagues. And even when users act more responsibly, sensitive data is far from safe with passwords (encrypted or not).
Despite all the weaknesses of passwords, they are still widely used as the only means of authentication in almost everything – from e-commerce, to Virtual Private Networks (VPNs), to logging into company intranets. Even when the transaction itself is encrypted, sensitive data is still not safe because abusers can simply steal the password and impersonate the victim, charging his or her account with hundreds or thousands of dollars, or tying him or her to activities he or she never took part in. News about identity theft and other scams on the Web has been reported frequently for the last decade, and one starts wondering if this will ever change.
Yes, it is going to change, simply because it cannot stay the way it is now. New security products and technologies are constantly being developed and implemented. One of these technologies is called One-Time Passwords (OTP). OTP is often implemented together with hardware tokens and is also known as Two-Factor Authentication. But because it is relatively difficult to use, and in some cases expensive, it is still not the standard.
More By Blue Moon