Cyber

Passwords ‘no longer fit for purpose’

by Mark Rowe

Data breach headlines may seemingly have been reserved for multi-million pound organisations in recent months, but former US Secretary of State Colin Powell has seen the leak of his personal emails spreading like wildfire, says Dave Worrall, CTO at Secure Cloudlink.

Worrall said: “As politicians across the world race to delete their entire personal email history, in fear of their own politically (in)correct views being published online, it was revealed that an email containing disparaging remarks about US Presidential hopeful Donald Trump, had been leaked from an account registered to the former Secretary of State.” While the content of those emails have sparked much debate, arguably the more critical issue must centre on the causes of these hacks, Worrall said.

The explosion of businesses transacting online, social media sites, mobile devices and applications in the workplace has led to a huge appetite for stolen data, he argued. Hackers are not merely using stolen information for potential financial reward as it appears that they may be attempting to exploit political angles and sway American voters in the midst of a Presidential election. High profile celebrities are equally of interest to hackers after recent reports of top athletes’ data being stolen from the World Anti-Doping Agency’s (WADA) data storage system, including British Olympic stars Mo Farah, Justin Rose and Helen Glover.

Worrall added: “Passwords are no longer fit for purpose, incidents like these are no longer just expected but inevitable under the current system, which is why a new solution needs to be elected. The severity of these hacks is scalable, depending on which political, financial or even medical context you look at them, but the regularity will only continue. Even though, Mr Powell’s private email archive was protected by a password, which was probably selected with care and diligence and may have been complex and unique, the hack still occurred. Olympic medical records were still hacked and published online by a group known as the Fancy Bears. The appetite for data is not merely for financial purposes and there is a blanket fault as to why valuable information is becoming easily attained.

“If a website is hacked, and the website doesn’t encrypt passwords then personal details as well as other high-risk data can be compromised. The main point is even if passwords are stored in an encrypted format, they can still be stolen and the encryption cracked.

“Most current password security systems for business applications and websites are flawed. This is not the first time that politicians have been the target of such hacks, in the UK, Prime Minister Theresa May was targeted by an ISIS cyber-attack in 2015. This is very concerning, even if this latest US politician hacks were only to share views on the Presidential contenders, the fact that high profile athletes’ medical records have been so easily distributed is beyond intrusive. This will only continue and far more serious information could be leaked and found in the wrong hands in the future.

“Instead of trying to find better solutions, governments have continued to operate under a system of password proliferation across multiple, often incompatible systems. The time is now right to rethink the entire concept of the password, each of us are unique, so we need a unique solution.”

Related News

  • Cyber

    Singapore office

    by Mark Rowe

    The cyber security company Foregenix is opening a Singapore office. The Wiltshire-based firm opened its Asia Pacific (APAC) region base in Sydney,…

  • Cyber

    DDoS attack report

    by Mark Rowe

    A cyber firm reports a 13pc decline in the overall number of DDoS attacks when compared with the statistics from the previous…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing