Posted by secExtra on July 29th, 2010
“The potential security breach of Hell Pizza yet again exposes the inherent frailty of passwords as a method of authentication and illustrates the risk of using the same password for numerous websites and online banking. However, users really aren’t to blame because recommended ‘strong passwords’ are just not very easy to remember, especially when you are advised to use a different password for every web-site you visit. This is clearly highlighted by the ‘forgot my password’ feature present on the password login screen.
“Every day millions of people log in to a variety of internet sites, from banks and social networks to on-line shopping portals, using a username and password combination. The owners of these sites have chosen this method of authentication in the misguided view that it is cheap and offers a good level of security. In reality, it is neither. Passwords can be compromised through various forms of attack, including shoulder-surfing, key-logging and screen-scraping.
“In order to genuinely improve security, organisations need to abandon login systems based on fixed passwords and PINs and replace this flawed method of authentication with a one-time passcode method. By making this change, organisations will reduce cases of data loss and identity theft while also saving money and improving customer satisfaction to boot.”
Comment from Stephen Howes, CEO of GrIDsure, the innovative alternative to PINs and passwords.