At this time, System Solutions remains open to serve you.

For the protection of our staff, customers and the community – we ask that anyone who is feeling ill please do not visit our office. This also applies to anyone who has traveled outside of Canada within the last 14 days.

If either of the above situations applies to you – please call ahead and we will attempt to make alternate arrangements.

In case of an emergency please call our mobile number at 519-569-1025

We care and appreciate your business and please stay safe.

From our team at System Solutions .


Looking for options for E-Waste

No more passwords in 2017?

December 28, 2016

LOGINYahoo!’s disclosure that hackers might have vacuumed up the passwords of as many as half a billion users lit the floodlights on two gaping issues in IT:

Passwords run out of steam well before they cross the goal line of today’s security needs
Sometimes you don’t even know they’re gone, which means you’re vulnerable without realizing it
Wakefield Research recently surveyed IT decision makers and found out that 69% will probably do away with passwords completely in the next five years.

The finding of the report wasn’t surprising, nor were the insights that IT professionals are despairing of evergreen problems:

Stupid users “securing” their accounts with passwords a child could guess, let alone a script kiddie driving any of a dozen tools available for free download
Lazy users recycling the same password for different accounts so that one crack exposes many systems. And it’s especially galling for IT when the breach of its system is the result of a breakdown of a system beyond its control, such as all the systems now at risk because Yahoo! customers used the same password for Yahoo! as for their work access.
Alternatives to passwords

Alternatives that solve both these problems are maturing. They typically involve mixing methods like:

Two-factor authentication involving single-use pass codes pinged to the user’s mobile phone or emailed to them
Biometrics—commonly fingerprint, eye, voice scanner
Behavior—recognizing a user’s signature behavior, such as:
Considering the time and place a user is requesting access and deciding if it’s in keeping with that person’s usual behavior
Looking at the way the user is handling the device—mouse movement and keystrokes—to sniff out atypical behavior
Device-specific lockdown—only allowing access to certain systems by particular devices assigned to individual owners
Combinations of these are most effective. It’s easy to see, for instance, that a device that has never been used to access a system at 11pm let alone from another city than HQ should be locked out.

Self-aware users

Wakefield Research found the biggest obstacle to scraping standalone passwords was the belief by 42% of respondents that they’d get pushback because of “disruption to users’ daily routine.”

A choice that taps into something enjoyed by many might be the answer—the selfie.

Uber is periodically asking its drivers to snap a selfie before accepting ride requests. It runs the selfie through an algorithm to match it against the one on file.

Similarly, MasterCard in Europe is asking online shoppers to authenticate themselves with a selfie.

The technology isn’t as mature as some other options—but the selfie of today might yet have its way as the future of security.

Comments are closed.