We talk a lot about the digital age of warfare here at HackerAttacker. It is probably the most popular aspect of the digital age today. Just take a look at history; war is always resting at or about the pinnacle of the public forum. Why mess with a classic? When it comes to security and authentication best practices, however, there are more avenues to pursue than simply the digital side of warfare.
In that spirit, we are going to take a look at some older forms of deception and how they play a role in the social relationships inherent in digital security and authentication.
The Lock Begets the Lock pick – The Unending Cycle
Slate.com has an excellent blog article on the history of lock picking, and it got me thinking about society and security and the relationships therein. The article focuses on two locksmiths in particular: Joseph Bramah and his Bramah Safety Lock, and Jeremiah Chubb and his Chubb Detector lock. Both locks served different purposes at the time of their invention: the Bramah was an (at the time) unpickable lock, and the Chubb was a lock that announced any attempt to pick it by making the intended key fail to open the lock afterwards. These locks were the height of authentication best practices at the time of their inception: they illustrated the best practices to adhere to in order to achieve what security experts call ‘perfect security.’ Both locksmiths created their locks for a specific purpose and, for a time, both locks succeeded in achieving their intended goals.
Until A. C. Hobbs came along and beat them both.
Alfred Charles Hobbs was an American locksmith and the first to illustrate the need for security and authentication best practices to evolve. Hobbs was the first person to defeat first the Chubb and then the Bramah lock. Hobbs became an expert lockpicker through the process of creating and then selling his own version of high-end locks. By beating other locks, Hobbs could convince his prospective customers to reach out and buy his.
Wouldn’t you be more likely to trust a locksmith who knew how to beat the strongest locks out there? After all, you trust authentication best practices from experts who routinely study and break past practices. That’s what our friendly white hat hackers are known for, and they have helped usher in the digital age as we know it today.
But that brings up a pretty major idea that people tend to forget: when a new, strong security protocol or device is introduced to our society, there will always be individuals out there who are capable of beating it. That is how authentication and security evolve: protocols and practices are beaten, and we take that information and create a new, stronger protocol.
It’s a never-ending cycle.
What’s this got to do with Authentication Best Practices?
That’s a fair question. Aside from an allegorical summary of how authentication works, what does lock picking have to do with authentication best practices? Quite a lot, actually.
Think about it like this: you always lock the door, and maybe even your windows, when you leave your house or your apartment, right? You do that just in case some untrustworthy individual comes along and wants to take something that you’ve got sequestered away inside your home. That is an example of security and authentication best practices right there! It is a security best practice because you know to lock the entry points to your private, personal belongings just in case, and it is an authentication best practice because you know only your key can open that lock.
Locks and lock picking have a great deal to do with the way we secure and authenticate ourselves in the digital age today. The same social contracts and notions of ‘perfect security’ that prompted Bramah and Chubb to design their state-of-the-art locking mechanisms are what drive authentication security experts to contrive new ways to help protect your digital information on the web.
Authentication Best Practices – Defending against the Hobbs of Today
Hobbs wasn’t a bad guy, by all accounts. He was a fantastic salesman and a phenomenal locksmith. Today, the digital locksmith takes the form of IT gurus and authentication experts, while the lockpicker is the hacker who works either for or against the locksmith to find where that security is weakest.
In recent days, with the PCI SSC developing new requirements for securing consumer data, and more and more experts reaching towards multi-factor authentication, it is important to review authentication best practices in light of the constant evolution of digital authentication.
The digital age has rewritten the terms of security. Today, the password you type in for each account is the lock on the door that protects what you’ve housed within. The darker, malicious Hobbses of the digital era work tirelessly to learn the intricacies of that lock so that they can get their hands on what lies behind those doors. Authentication best practices serve to strengthen that lock against hackers and others with malicious intent.
The New Lock
One of the most common additions to security protocols, made to increase the strength of our digital locks today, takes the form of SMS authentication or mobile authenticators. Rather than hoping that a hacker cannot steal a password, accounts may be secured by requiring additional input from a mobile device before access is allowed. Mobile authenticators and SMS authentication are still viewed as strong forms of authentication, but it looks like 2015 has churned out a few A. C. Hobbs characters to make us reevaluate that claim.
Courtesy of thehackernews.com, we now know of at least one Hobbs who has managed to demonstrate vulnerabilities in mobile phones by way of an NFC (Near Field Communication) chip implanted directly into his body. With this chip, an individual can gain access to another person’s cell phone, and with that access could potentially circumvent all of those mobile-centric authentication and security protocols.
With the evolution of this technology still underway, let’s review some basic, yet entirely necessary, authentication best practices for the current digital age:
4 Authentication Best Practices to Consider
- Don’t Click on Suspicious Links
- In the same way that you wouldn’t let a stranger just waltz into your apartment, don’t open the door for malware or phishing attacks to get into your systems by clicking on strange or unrecognizable links. If you are worried, try the old ‘hover’ trick: place your cursor over the link and wait, and your browser or mail client will show the address the link actually points to (as a tooltip or in the status bar), which can differ from the text you see on screen. If it looks at all suspicious, don’t click it!
- Make sure you, or your company, have up-to-date antivirus and anti-malware software
- Most people are sick of hearing this kind of warning, but it is absolutely important. If you do not keep your protection software up to date, you are leaving many doors unlocked for potential intruders to use to gain access. This goes for mobile phones and tablets too! You can no longer operate under the impression that your phone won’t become compromised. Secure it so that you do not fall victim to attack!
- Make use of a strong password management program or solution for yourself or your company
- For individual users, try something like 1Password to secure your many passwords against prying eyes. For companies, try something like PortalGuard to secure your passwords, and also gain access to a single sign-on solution to save your end users the hassle of managing their passwords on their own.
- Don’t install apps or programs from sources that you don’t recognize
- This is a big one. Even if you think that a program can be trusted because a friend has used it, or because it has never given you problems before, make sure it comes from a source you know and trust. For your mobile devices, make certain that you are only installing applications directly from the app store, and only from publishers that are reputable. Any malicious software could put you and your company at risk of infiltration.
Good Luck Out There
There you have it. There is nothing wrong with a good A. C. Hobbs to show us where we have been found wanting, so long as we can evolve and grow in a beneficial way. Part of authentication best practices is knowing that for every vulnerability we find, others will find another five to exploit. It is the nature of security to protect against the unknown and unexpected.
By following certain practices online in your everyday interactions, you can combat the hackers attempting to use your information for their own nefarious needs. Just learn from our security history and follow some of these authentication best practices to be the most secure in the ever-evolving digital age.
Don’t forget to let me know what you think in the comments!