Treasury News Network


Kill the Password: Why a String of Characters Can’t Protect Us Anymore AND what to do about it

In his excellent article in WIRED (http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/), Mat Honan described how his digital life was deleted by hackers who used his Apple account to wipe every one of his devices, his iPhone and iPad and MacBook, deleting all his messages and documents and every picture he'd ever taken of his 18-month-old daughter.

He wrote: "Since that awful day, I've devoted myself to researching the world of online security. And what I have found is utterly terrifying. Our digital lives are simply too easy to crack. Imagine that I want to get into your email. Let's say you're on AOL. All I need to do is go to the website and supply your name plus maybe the city you were born in, info that's easy to find in the age of Google. With that, AOL gives me a password reset, and I can log in as you."

He found that there is no such thing as a "strong" password. In 2011 Russian-speaking hackers alone took in roughly $4.5 billion from cybercrime—it's no wonder that the practice has become organized, industrialized, and even violent.

His list of 'How to survive the password Apocalypse' is essential reading for anyone with an e-mail account or who uses electronic banking services, and, particularly, for those in a corporate treasury department.

From all his research he concluded that:

Future solutions
Now comes the hard bit. There is no simple solution: using biometrics as a single-factor identifier will not be good enough. It will have to be a multi-factor solution that will certainly involve biometrics AND the cloud, which we won't stop using. Mat concludes: 'we need a system that makes use of what the cloud already knows: who we are and who we talk to, where we go and what we do there, what we own and what we look like, what we say and how we sound, and maybe even what we think'. It will involve significant investment and inconvenience/intrusion into your private life.


How secure is your electronic banking system? Your mobile banking service? Your treasury management system? Probably far less than you think. I know I am going to follow Mat's list of 'How to survive the password Apocalypse' as a start.
