
Two-factor authentication and open doors

Sony has finally added two-factor authentication to protect over a hundred million user accounts on its PlayStation Network. PSN users have long been waiting for this step, especially after the well-known breach in 2011, after which the gaming service was shut down for a whole month and users' credit card information, email addresses and other personal information were put at risk. Perhaps they have waited even too long...







Given that PSN games usually sell for $25 and up, a compromised account password followed by a series of fraudulent charges can add up to a sizeable bill. An avid player then has no choice but to pay it, or to spend a lot of time filing online claims to dispute and resolve the fraudulent transactions.



So why did one of the largest innovative companies, a technology pioneer and a giant specializing in consumer products and entertainment services, take so long to add two-factor authentication to protect PSN accounts? Perhaps it comes down to corporate policy or a lack of coordination between business units, as some experts suggest, or perhaps the company is still desperately looking for a simpler and more reliable way to protect users from hackers. PSN was on the front line of defense*: unlike the company's internal networks, it could not be protected by even the best firewalls or by the special employee training carried out in all the years since the breach. Moreover, according to experts, 90% of global companies could not have withstood an attack similar to the one on Sony in 2011 using only the defenses that were in use at the time.


It is appropriate to quote the findings of a recent Verizon data breach investigation report: “We know that a standard combination of username and password may be enough to protect your gaming characters. We also know that the introduction of more robust authentication mechanisms only increases the level of protection, but is by no means a panacea. But even with all this in mind, of all the recorded and confirmed data leaks, 63% of the incidents were somehow due to the use of weak, default or stolen passwords.”



Given these statistics, and the earlier analysis of threats and of the methods for countering them, we can safely say that introducing two-factor authentication is fully justified. You could even say that not using two-factor authentication is equivalent to leaving the house without locking the door behind you: a locked door is unlikely to stop every intruder, but it is still one of the most effective means of ensuring personal security.



Gemalto conducted its own survey among 900 decision makers in the IT industry, which, among other things, showed the current situation with two-factor authentication:





The experience of corporate users also applies to a wider audience, although adoption in that segment is not yet as high, and of the available two-factor authentication options (SMS, phone calls, email messages, hardware and software tokens) the simplest are the ones most often used.



TwoFactorAuth.org lets you check whether the online services you are interested in, be they gaming portals, banking services or food delivery services, support two-factor authentication, and which kind. If you think a service is burying its head in the sand and pretending not to notice the problem, you can post a message on Twitter asking the company to add two-factor authentication.



Sony managed to restore the user confidence that was undermined by the cyber attack it failed to stop (gamers turned out to be very forgiving people), but the company's example suggests that companies in no hurry to introduce modern information security technologies can end up as outsiders in the market as a whole.



* The attacks continue: some sources believe that the main target of the DDoS attacks on Dyn a few days ago, which made the services of several large companies such as PayPal and Spotify unavailable, was in fact PSN.

Source: https://habr.com/ru/post/313688/


