Websites Should Use One-Time Passwords for User Authentication
June 6, 2012
Multiple news organizations have reported that approximately 6.5 million LinkedIn passwords have been stolen and posted online. Some sources say that the dating website eHarmony may also have had passwords stolen and posted online, bringing the total number of breached passwords up to 8 million.
Many are recommending that users of these websites change their passwords immediately, but we all know that doesn't really solve the problem. These types of password breaches seem to be in the news daily. That's because static text passwords are simply weak security, and websites should stop relying on them as their sole authentication method. Even if users are able to create really strong passwords, remember them, and use a different one on every online account, passwords are still incredibly easy for hackers to steal using keylogging malware and dictionary-style brute force attacks.
Websites and online businesses should start providing users with strong authentication, including one-time password generators and multi-factor authentication. Businesses can provide strong security that's easy for their customers to use by implementing a service like Confident ImageShield™ that generates one-time passwords simply by asking users to identify a few pictures. High-value accounts with sensitive customer information should be protected with multi-factor authentication that sends an authentication challenge to the customer's mobile phone through a completely out-of-band channel that is separate from the web session on the computer.