Skip to main content

Most Popular Authentication System And Their Problem, They Are No Longer Secure

Although there are lots of method and devices available for authentication, each of the authentication that we use has their own limitations. Below are the authentication systems that we are using and their limitations:
Password
ID and password are the most common and widely used authentication method. Although it is one of the widely used methods it carries huge security risk. One of the biggest problems with this system is that anyone can guess the password and can be shared knowingly or unknowingly. Also, the no. of the password will increase with the no. of service that user uses. It is insecure to use a single password for all the websites, so it is recommended to create a unique password for each website.
Users cannot remember all the passwords that they have, and they might write it somewhere, which can later be leaked. The password can easily be stolen online by using phishing sites and can be stolen with keyloggers. We can create a strong password by using long characters, but it poses a risk of being stolen by a recording camera, social engineering and the method mentioned above. There is a huge chance of a password being leaked by human error.
Biometrics
Biometrics is considered a secure authentication method than password and it is quite popular these days. We have lots of devices with fingerprint, iris scanner and face recognition for the identity management. Although it is secure than traditional pin or password it is not 100% foolproof. Fingerprint has already been spoofed by creating 3D printed fingerprints. Also, the face ID by Apple on iPhone X was also bypassed. One of the biggest disadvantages of biometrics is that it will last for a lifetime. For example, if someone created a fake fingerprint of our finger then it will be the same for forever and the attacker can get access anytime using our fingerprint.
Two-factor authentication
Two-factor authentication is being widely used these days by lots of corporates. Since it requires multiple credentials for the authorization is considered more secure. If one of the credentials is leaked, then the attacker will not be able to gain access to the system due to the need of multiple authentications. Although it seems more secure, it has some limitations. A most common method of 2fa is to send the code over SMS and SMS message are notoriously insecure. A potential attacker can sniff the message and can read the authentication code.
Social media login
Most of the websites these days have adopted social media login. Users can log in on the websites by using their social media accounts like Google, Facebook, Twitter, Instagram etc. It is very easy for the user to login with social media accounts because they don't have to create a separate account for each site and they can log in on multiple sites with single social media accounts. If the social media account of the user is compromised, then the attacker can get access on all the sites that user had created an account using that social media account. Therefore, it is not considered that secure.

Most of the authentication method that we use these days are not secure and the credentials can be easily stolen with social engineering, phishing, and brute force attack.

Popular posts from this blog

Why should we stop using SMS-based two-factor authentication?

 Today, securing an application is challenging as attackers are becoming increasingly sophisticated. A proper authentication system plays a significant role in application security, as, without one, the app’s vulnerability could allow a malicious person to gain unauthorized access. Poorly configured authentication systems and human error are the most common reasons for data breaches. Therefore, to address this issue, the concept of two-factor authentication (2FA) or multifactor authentication is applied. In addition to user ID and password, 2FA requires users to input a temporary code unique to them to verify their identity. This creates an extra layer of security by adding one more element to the authentication process. If a user’s login credentials are compromised, malicious actors won’t be able to access the resources since they would need to have both the login credentials and the 2FA code.  One of the most widely used methods of 2FA is an SMS-based code, where the user needs to en
Read more

Five Ways to Get Rid of Cryptojacking Malware

Cryptojacking is a growing threat in 2018 and there are several ways to prevent this threat. Few of the methods to prevent this emerging online threat are discussed below. Installing browsing extension Most of the crypto mining malware works from the web browser so we can stop that malware by installing a browser extension. There are few browser extensions like ublock origin & Malwarebytes that will help to block any cryptojacking scripts. If we have these extensions installed on the browser, they will automatically stop those scripts from running on the browser which will prevent the browser from running the mining code. Those extensions are available for free and they regularly update their signature. Since they will automatically filter the mining codes we don’t need to check them manually. Therefore, installing a proper extension will help to get rid of cryptojacking malware. Installing only trusted applications Another big source of crypto mining malware is untrusted ap
Read more

What is Ransomware & How to Prevent it?

Hackers are looking for a new and easier way to make money by entering on other people's system and ransomware is one of the tools they use to make money by locking the computer of people and organization. In my previous article, I discussed cryptojacking malware and why it is a big threat to information security. On that article, you can read how and why bad guys are injecting code on people's computer to make money from that. Ransomware is another major threat to cyberspace that I would like to discuss this article. What is ransomware? Ransomware is a software that is designed to block access to any system, files or operating system until we pay a certain amount to the attacker. Most of the time the attacker will encrypt the files of the computer and they will provide the key to decrypt only after paying the amount they are demanding. Most of the ransomware attack will give very limited time to the victim to pay the demanded amount and if they fail to decrypt it within th
Read more