Why Anybody Can Steal Your PasswordsOliver Bock
You juggle dozens of user names and passwords these days, especially if your business uses multiple cloud services. It’s nearly impossible to come up with new passwords, change them regularly, and resist the temptation to use the same password for everything — or write it all down on paper. Data breaches impact companies large and small on a regular basis, and anyone can steal your passwords; it’s not all that hard to do.
When Malware Ruins Your Day
Malware comes in many types, but there are a few that go out of their way to ruin your day with passwordstealing. Keylogging malware and rootkits are two types of malware capable of stealing your password information, and plenty of other sensitive data as well. Malware can reach your system in many ways, but typically it rides along with a seemingly trustworthy piece of software. A recent piece of malware, Fade.exe, installed itself alongside a mod for a popular video game, Grand Theft Auto V. It gathered everything from Facebook credentials to individual keyboard presses. Keybase, another keylogger malware, was attached to .exe files delivered through email for installation.
Malware has been around for a long time, with the first example of a keylogger dating back to 1983. Keyloggers were installed as part of a virus or with trojanhorse software in order to operate for as long as possible without arousing enduser suspicions, reporting stolen data back to the malware’s creator.
Why Malware is Still Around
Malware is still around some three decades later, largely because the sheer amount of passwords people deal with on a daytoday basis is truly overwhelming. Many companies don’t have security controls that thwart keylogger information, so malware continues to be a profitable way to gain access to accounts. Developing access controls into apps can be a difficult problem for devops, resulting in password controls that aren’t as secure as they could be. That’s where Onion ID comes in.
Make the Jump to Active Authentication
Typical password authentication looks at whether a user is entering the right user name and password, and sometimes has twostep authentication to authenticate whether the user is authorized to log in. However, this requires a lot of work on the user’s end, on top of managing an evergrowing stack of user names and passwords.
Onion ID eliminates a lot of the hassle surrounding access control with features such as IP fencing, geoproximity and geofencing. It’s not enough that the right user name and password is used; the user has to be in the right location as well. Biometrics can also be used as part of a seamless authentication, minimizing input on the user’s part. Onion ID creates a singleclick signon so it’s easy on the user’s end, with strong security features behind the scenes that make it easy for companies to keep access secure. It’s also much harder for hackers to gain any useful information, as the user never needs to enter a password.
Behind the Security Scenes at Onion ID
Onion ID doesn’t need integration with your existing infrastructure, allowing you to deploy a new layer of security in under a minute. It automates refreshes, institutes invisible multistep authentication, provides you with an easy way to manage users for secure access control, and works with SSO and SAML. Syncing every five minutes, your security is kept up to date and no one slips through the cracks. Auditing controls let you see everything, from which users are accessing what parts of your site to which users are generating license costs.
The typical usernameandpassword authentication is obsolete in a world where anyone can steal your password. Even with plenty of malware protection, keyloggers can ride along with authentic software — and dayzero exploits ruin everyone’s day. Onion ID introduces multifactor authentication that takes the burden out of your website visitors’ hands.
http://www.informationisbeautiful.net/visualizations/worldsbiggestdatabreacheshacks/ http://www.pcworld.com/article/2922608/maliciouskeyloggermalwarefoundlurkinginhighlypu blicizedgtavmod.html http://researchcenter.paloaltonetworks.com/2015/06/keybasekeyloggermalwarefamilyexpose d/