Secure Login what do you think?
Recently, the topic of protecting the individual (user) at the point of entry (login), to a application or digital resource has risen to the top of security discussion. Let’s face it username and Passwords suck! This is an agreed to philosophy from a single consumer to a Senior Manager of Information Security. The following articles recently published address login security. They also put a big portion of the responsibility of the security on the individual. We are asked to avoid phishing attacks or other means of username / password theft. Account Take Over written by Johan Brismyr , and Advanced Phishing with 2FA bypass written by Kuba Gretzky. A third article centered around encrypted email flaws points out for those flaws to work a bad actor needs access to the recipients email or exchange server IE they need your login. eFail Flaws written by Michael Heller
So, what are your obligations and what are your options. Currently, your obligation is to learn about the threats that could affect your digital life. Along with implementing best practices for addressing those threats. Your current options for those vary depending on the environment the application resides. If it is in your workplace, you are confined to the available tools your workplace has deployed ranging from VPN access to various models of Multi-Factor Authentication. Some require you to carry around a separate device to achieve these. For your personal digital life the ownership of security measures at login has fallen solely on you. Your options in this arena again vary depending on what your signing into. The same types of login security exists from VPN to 2FA to Login managers with 2FA.
One issue is Username and Passwords are still the core authenticator. This requires you to have a multitude of these credentials and be able to make them secure. This requires them to be long and cumbersome. Another issue is that at this time there is not enough common standards across the login platforms to be able to use one system for all of your logins. As technology continues to improve there is hope on the horizon for standards to become adopted. Allowing people to leverage technology like TraitWare across the various digital accounts they have.
At this time, TraitWare works for WordPress and Enterprises running AD. TraitWare provides a Simple Secure Login that replaces your Username and Password. This Simple Login reduces friction for most applications and is friction neutral in others. Our goal and mantra at TraitWare is to “Simplify and Secure your Digital Life”.
Please leave a comment about your top 5 logins that you would like to replace your Username and Password for so that we can know which applications to target first while we work to achieve adoption across all login platforms.