Use Of Weak Authentication Parameters Puts Information Security Of Over A Million Individuals At Risk
The Internet provides a convenient interface for individuals to perform a variety of activities, such as online shopping, conducting banking transactions and booking rail or air tickets, among many others. However, failure to follow safe IT security practices may compromise the information security of those individuals. Using strong passwords is one of the basic aspects of IT security, yet individuals often ignore this basic tenet and leave their confidential information vulnerable to a security breach. Recently, the blogging network Gawker Media was the victim of hacking and a data breach. The network includes the news and gossip site gawker.com as well as gizmodo.com (gadgets), jezebel.com (fashion), kotaku.com (games), deadspin.com (sports) and lifehacker.com. The network has a user base of around 1.5 million.
Hackers apparently gained unauthorized access to user databases and compromised passwords by initiating brute-force attacks. Information security professionals have advised the users of the affected websites to reset their passwords.
One of the common blunders made by Internet users is using the same password for different websites, blogs, shopping sites and financial accounts. Once hackers gain access to one account, they may easily gain access to the individual's accounts on other sites. For instance, a user may have a common or similar password for different social networking sites such as Facebook, Twitter and Orkut. If a hacker discovers the authentication parameters for one of the sites, they may easily gain access to the user's accounts on the other social networking sites.
Usually, hackers sell the revealed data to their underground peers. In this case, the stolen data was published online. As such, the incident is considered critical and has triggered fears of a large-scale Internet security breach. Swinging into action, email providers such as Yahoo and Google, as well as the microblogging site Twitter, have asked their users to reset passwords.
Internet users must use different passwords for different websites. Passwords must not include commonly identifiable details such as name, date of birth and age. The password must also be strong, with a combination of different characters, numerals and symbols. Users may also use different cases for different letters of a word. In general, a password must have at least 8 letters. However, different sites may have different stipulations for the minimum number of letters in the password. Users must adhere to the instructions provided on the sites when choosing a password.
On the other hand, websites must adopt multi-factor authentication to prevent unauthorized access. They must also guide users on the use of strong passwords.
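The password rules listed above can be checked mechanically, for example in a sign-up form or a personal password audit. The following is an added example, not code from the original article; the function names, the date-of-birth layouts tested and the sample inputs are assumptions made for illustration.

```python
import re
from datetime import date

MIN_LENGTH = 8  # the article's general minimum; a site may stipulate more

def password_problems(password, name, birth_date, today=None, min_length=MIN_LENGTH):
    """Return the article's rules that the password breaks (empty list = passes)."""
    today = today or date.today()
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mixed case")
    if not re.search(r"\d", password):
        problems.append("no numeral")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    # Any part of the user's name (3+ letters) appearing in the password.
    lowered = password.lower()
    if any(part in lowered for part in re.findall(r"[a-z]{3,}", name.lower())):
        problems.append("contains name")
    # Date of birth in a few common digit layouts (assumed set, not exhaustive).
    y, m, d = birth_date.year, birth_date.month, birth_date.day
    dob_forms = {f"{y}", f"{d:02d}{m:02d}{y}", f"{m:02d}{d:02d}{y}",
                 f"{y}{m:02d}{d:02d}", f"{d:02d}{m:02d}{y % 100:02d}",
                 f"{m:02d}{d:02d}{y % 100:02d}"}
    digit_runs = re.findall(r"\d+", password)
    if any(form in run for run in digit_runs for form in dob_forms):
        problems.append("contains date of birth")
    # Age counts only when it appears as a whole number on its own.
    age = today.year - y - ((today.month, today.day) < (m, d))
    if str(age) in digit_runs:
        problems.append("contains age")
    return problems

def reused_across_sites(passwords_by_site):
    """Group sites that share one password, the reuse the article warns about."""
    groups = {}
    for site, password in passwords_by_site.items():
        groups.setdefault(password, []).append(site)
    return [sorted(sites) for sites in groups.values() if len(sites) > 1]

if __name__ == "__main__":
    # Constructed sample user and passwords, not data from the incident.
    born, now = date(1985, 3, 14), date(2010, 12, 15)
    for candidate in ("alice1985", "Pw25!", "Tr7#kwLp!x"):
        print(candidate, password_problems(candidate, "Alice Smith", born, today=now))
    print(reused_across_sites({"site-a": "x", "site-b": "x", "site-c": "y"}))
```

The reuse check is meant to run on the user's side, for instance over a local password manager export, since a website cannot see the passwords a user has chosen elsewhere.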