Regardless of how interested someone is in security, chances are that they’ve received an email at some point telling them that they need to reset their password because of a breach. In many cases, people may not believe the event actually happened. Bogus messages sent from hackers are an all too common problem, and many individuals rightly ignore them or search for an official announcement before acting on the email’s request.
The potential long-term consequences from a breach
Of course, in some cases, the message is authentic, and users do have to reset their passwords. This was most recently the case with Adobe, which had at least 38 million accounts that may have been compromised – and possibly as many as 150 million. The company initially asked its customers to change their authentication details, but eventually it required its members to make the change, while also offering free financial monitoring services for up to a year to minimize damage from the breach.
Incidents like Adobe's can drastically change how customers perceive a company, particularly when those customers can easily switch to a competing, more secure brand. Organizations as large as Adobe can absorb the hit, but for many small- to mid-sized enterprises, the damage from a breach can be irreparable. Of the one in five small businesses hacked every year, 60 percent have to close shop within the next six months. The double hit of lost finances and a retreating customer base can be difficult to recover from.
Overcoming user habits
Notably, websites not only have to worry about their own security precautions, but also about those of their customers. Many users do not follow best practices for passwords or online safety. Because of this, some organizations have tried implementing more stringent safeguards for logging in. Some websites have turned to CAPTCHAs, authentication questions based on personal information, or even requiring users to enter a code sent via text message before letting anyone log in. However, these aren't particularly useful safeguards. Social media has made it easier than ever to find out where people went to school or what their mother's maiden name is. A man-in-the-middle attack can still fake the look of an official website and capture the incoming SMS code. A CAPTCHA won't stop a human attacker, and rarely stops an automated one either. There are many ways around the modern password paradigm, and it will need to be revised to create a stronger, more secure online environment.
Changing for the better
To ensure that customers have the utmost confidence in their online security, consumer-facing websites should look to more robust security solutions than those offered by typical password protocols today. Multi-factor authentication that identifies someone based on their smartphone is an increasingly viable solution because of how widespread those devices are. Meanwhile, secure credentials issued by a trusted source – such as a bank – can avoid some of the problems that follow a breach, since not all of a user's authentication information will necessarily be exposed in the incident.