Companies that are compromised by hackers can not afford to shift responsibility to customers for “weak” passwords, says security researcher Yiannis Chrysanthou.
Rather than focussing on something the user knows, like a password, they should focus on introducing multi-factor authentication based on something the customer has, like a smartcard, or something a customer “is,” like fingerprint verification, in order to make credential theft and impersonation much harder.
Chysanthou, who is part of KPMG’s cyber security team, made the comments in response to a series of high profile attacks on internet-based businesses. “Organisations seem to believe that if they force users to pick long complex passwords and then store them only in their cryptographically hashed formats, they are relatively safe,” he said. “The reality is that we hear of password breaches time and time and again, and this needs to change!”
The problem with focussing on passwords, says Chrysanthou, is that these are often encrypted and stored in a database alongside usernames and emails. Once hackers have stolen and published the database, these cryptographic algorithms are often hacked within a matter of days.
“Multi-factor authentication will block traditional attacks relying on guessing or stealing a user’s password because the password itself will no longer be sufficient. Of course this extra security comes with increased investment but the improved customer protection makes it viable and valuable,” he said.
A survey of corporate decision makers across Europe finds that chief executives in more than half of the businesses canvassed take responsibility for the issue of cybersecurity.
Regulatory technology - aka RegTech - should become a priority for bankers as regulators increasingly focus on risk data aggregation, argues a white paper from Wolters Kluwer.
Despite significant cost-cutting in recent years, management consultancy McKinsey says the world’s biggest banks need more radical business plans.
With its estimated market capitalisation reduced to US$235bn, Wells Fargo’s current valuation is some US$4bn less than its rival.