
The Most Popular Authentication Systems and Their Problems: They Are No Longer Secure

Although there are lots of methods and devices available for authentication, each authentication method that we use has its own limitations. Below are the authentication systems that we use and their limitations:
Password
ID and password is the most common and widely used authentication method. Although it is one of the most widely used methods, it carries a huge security risk. One of the biggest problems with this system is that anyone can guess the password, and the password can be shared knowingly or unknowingly. Also, the number of passwords increases with the number of services that the user uses. It is insecure to use a single password for all websites, so it is recommended to create a unique password for each website.
Users cannot remember all the passwords that they have, and they might write them down somewhere, where they can later be leaked. Passwords can easily be stolen online through phishing sites and with keyloggers. We can create a strong password by making it long, but it still risks being stolen by a recording camera, social engineering and the methods mentioned above. There is a huge chance of a password being leaked through human error.
Biometrics
Biometrics is considered a more secure authentication method than passwords, and it is quite popular these days. We have lots of devices with fingerprint sensors, iris scanners and face recognition for identity management. Although it is more secure than a traditional PIN or password, it is not 100% foolproof. Fingerprints have already been spoofed by creating 3D-printed fingerprints. Face ID by Apple on the iPhone X has also been bypassed. One of the biggest disadvantages of biometrics is that a biometric trait lasts for a lifetime. For example, if someone creates a fake copy of our fingerprint, the fingerprint stays the same forever, and the attacker can get access at any time using it.
Two-factor authentication
Two-factor authentication is widely used these days by lots of corporations. Since it requires multiple credentials for authorization, it is considered more secure. If one of the credentials is leaked, the attacker will not be able to gain access to the system, because multiple authentication factors are needed. Although it seems more secure, it has some limitations. The most common method of 2FA is to send the code over SMS, and SMS messages are notoriously insecure. A potential attacker can sniff the message and read the authentication code.
Social media login
Most websites these days have adopted social media login. Users can log in to websites using their social media accounts, such as Google, Facebook, Twitter or Instagram. Logging in with a social media account is very easy for the user, because they don't have to create a separate account for each site and can log in to multiple sites with a single social media account. If the user's social media account is compromised, the attacker can get access to all the sites where the user created an account using that social media account. Therefore, it is not considered that secure.

Most of the authentication methods that we use these days are not secure, and the credentials can easily be stolen with social engineering, phishing, and brute-force attacks.
