Same IDs, passwords unsafe: Microsoft
Hyderabad: Using multifactor authentication reduces the chances of your online accounts being compromised by more than 99.9 per cent, according to research conducted by Microsoft, which said it defends against hundreds of millions of password-based attacks every day.
Research also revealed that 62 per cent of users admit to re-using the same ID and password across platforms. This practice of re-use leaves users vulnerable to a so-called “brute force” attack, but using multifactor authentication could be a valid defence. A brute force attack is a ‘hit and try’ method, where the attacker uses a set of pre-defined values to attack a target till the password is cracked.
Credential stuffing is another method, where stolen data is ‘stuffed’ into the login page of other digital services to target people who re-use their username and password across multiple sites or devices. Another is phishing, where a fraudster lures the target to reveal the data or uses extortion.
Then there is password spray, where the hacker attempts to access a large number of usernames with a few commonly used passwords such as 12345. Keystroke logging involves software that records what the user is typing on the keyboard and reveals user IDs and passwords. Given these methods, passwords or their complexity don’t really matter anymore, an expert said.
Microsoft notices over 300 million fraudulent sign-in attempts every day on the company's cloud services, 167 million daily malware attacks, and over 4,000 daily ransomware attacks on organizations.
“During the initial stage of our digitalisation journey, we used to have only one user ID and password, which was easy to remember,” Mr Sai Krishna, chairman, Global Cyber Security Forum, said.
“Now, in every home we find a smart TV, a home router, banking account apps, digital wallets and social media apps, all of which require passwords.”
Mr Krishna said having different IDs and passwords for each account and device, and changing them regularly, makes them difficult to remember. Most users take the easy way and have one user ID and password across platforms.
A defence against this is using multi-factor authentication. Dual-factor authentication, especially using an OTP through SMS, is free and easy. SMS is very difficult to hack as it works on the short message peer-to-peer (SMPP) protocol, which is different from IT infrastructure. The fraudster doesn’t invest time in hacking an SMS, Mr Krishna said.
Multi-factor authentication improves protection significantly, as attackers will not be able to sign in to the service because they will fail to pass the two-factor barrier. Along with the OTP, users of multi-factor authentication also get a push notification, which alerts them to someone logging into an account from a particular gadget/network and asks for permission.
“This authentication gives the ultimate level of security,” Mr Krishna said.
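The brute force and password spray patterns described in this article look different in a service's sign-in failure log: one targets a single account with many guesses, the other touches many accounts with a few guesses each. The Python sketch below is an added example, not part of the original report or of Microsoft's tooling; the record format, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of failed sign-ins: (epoch_seconds, source_ip, username).
# Addresses are from documentation ranges; none of this is real data.
SAMPLE_FAILURES = (
    # one account, twelve guesses in a minute
    [(1000 + i * 5, "203.0.113.10", "alice") for i in range(12)]
    # fifteen accounts, two guesses each
    + [(1200 + i, "198.51.100.7", f"user{i % 15:02d}") for i in range(30)]
    # an ordinary mistyped password
    + [(1300, "192.0.2.44", "bob"), (1310, "192.0.2.44", "bob")]
)

def classify_sources(failures, window=600, many_users=10,
                     few_per_user=3, many_per_user=10):
    """Flag sources whose failures in one time window match either pattern.

    All thresholds are illustrative assumptions, not vendor guidance.
    """
    # (source, window index) -> username -> number of failed attempts
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, user in failures:
        buckets[(src, ts // window)][user] += 1

    verdicts = {}
    for (src, _), users in buckets.items():
        top = max(users.values())
        if len(users) >= many_users and top <= few_per_user:
            # many usernames, a few common passwords tried on each
            verdicts[src] = "password_spray"
        elif top >= many_per_user:
            # many values tried against one username
            verdicts[src] = "brute_force"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_FAILURES).items()):
        print(src, verdict)
```

Attempts spread slowly enough to stay under the per-window thresholds are not flagged by counting alone, which is one reason the second factor discussed in the article is applied at sign-in rather than relying on detection.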