Why Anybody Can Steal Your Passwords


You juggle dozens of user names and passwords these days, especially if your business uses multiple cloud services. It’s nearly impossible to come up with new passwords, change them regularly, and resist the temptation to use the same password for everything — or write it all down on paper. Data breaches impact companies large and small on a regular basis, and anyone can steal your passwords; it’s not all that hard to do.

When Malware Ruins Your Day

Malware comes in many types, but there are a few that go out of their way to ruin your day with password-stealing. Keylogging malware and rootkits are two types of malware capable of stealing your password information, and plenty of other sensitive data as well. Malware can reach your system in many ways, but typically it rides along with a seemingly trustworthy piece of software. A recent piece of malware, Fade.exe, installed itself alongside a mod for a popular video game, Grand Theft Auto V. It gathered everything from Facebook credentials to individual keyboard presses. Keybase, another keylogger malware, was attached to .exe files delivered through email for installation.

Malware has been around for a long time, with the first example of a keylogger dating back to 1983. Keyloggers were installed as part of a virus or with trojan-horse software in order to operate for as long as possible without arousing end-user suspicions, reporting stolen data back to the malware’s creator.

Why Malware is Still Around

Malware is still around some three decades later, largely because the sheer number of passwords people deal with on a day-to-day basis is truly overwhelming. Many companies don’t have security controls that thwart keyloggers, so malware continues to be a profitable way to gain access to accounts. Building access controls into apps can be a difficult problem for DevOps teams, resulting in password controls that aren’t as secure as they could be. That’s where Onion ID comes in.

Make the Jump to Active Authentication

Typical password authentication checks whether a user has entered the right user name and password, and sometimes adds two-step authentication to confirm that the user is authorized to log in. However, this requires a lot of work on the user’s end, on top of managing an ever-growing stack of user names and passwords.

Onion ID eliminates a lot of the hassle surrounding access control with features such as IP fencing, geoproximity and geofencing. It’s not enough that the right user name and password are used; the user has to be in the right location as well. Biometrics can also be used as part of a seamless authentication, minimizing input on the user’s part. Onion ID creates a single-click sign-on so it’s easy on the user’s end, with strong security features behind the scenes that make it easy for companies to keep access secure. It’s also much harder for hackers to gain any useful information, as the user never needs to enter a password.

Behind the Security Scenes at Onion ID

Onion ID doesn’t need integration with your existing infrastructure, allowing you to deploy a new layer of security in under a minute. It automates refreshes, institutes invisible multi-step authentication, provides you with an easy way to manage users for secure access control, and works with SSO and SAML. Syncing every five minutes, your security is kept up to date and no one slips through the cracks. Auditing controls let you see everything, from which users are accessing what parts of your site to which users are generating license costs.

The typical user-name-and-password authentication is obsolete in a world where anyone can steal your password. Even with plenty of malware protection, keyloggers can ride along with authentic software — and zero-day exploits ruin everyone’s day. Onion ID introduces multifactor authentication that takes the burden out of your website visitors’ hands.

Sources:

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

http://www.pcworld.com/article/2922608/malicious-keylogger-malware-found-lurking-in-highly-publicized-gta-v-mod.html

http://researchcenter.paloaltonetworks.com/2015/06/keybase-keylogger-malware-family-exposed/
