According to Intel, for the past 60 years, passwords have been used as an analog method for users to authenticate usage rights across various devices and services. You can use these passwords to unlock your smartphone or log in to portal sites, as well as to access critical business systems.
But the security industry says passwords are no longer secure. Hackers use phishing or information-stealing emails that target user IDs and passwords. In addition, hacking techniques such as brute force attacks that randomly enter IDs and passwords and dictionary attacks that sequentially enter predefined strings are also automated. According to Microsoft, password attacks have doubled in the past 12 months, with 921 attacks occurring every second.
To combat these attacks, it is recommended to use passwords that combine upper and lower case letters, numbers and special characters. But because such passwords are difficult to memorize, many users create passwords by merely adding numbers and exclamation marks to simple sentences. Ironically, requiring a complex password to strengthen security makes the password weaker.
In particular, leaked usernames and passwords are circulating on the dark web, and hackers who have obtained them attempt to log in by typing in various combinations of usernames and passwords. This is called a credential stuffing attack. If the user uses the same username and password for other services, a breach of even one service can lead to many other services being hacked.
According to Apple, password-only authentication is one of the biggest security issues in the Internet environment, and users often use the same password across online services due to the difficulty of managing multiple passwords. These practices lead to account takeovers, data breaches, and even identity theft.
Two-step authentication draws attention as a representative way to protect passwords
In the authentication security industry, authentication methods are broadly divided into knowledge-based, ownership-based, and resource-based authentication. Knowledge-based authentication refers to an authentication method using already known information such as logins, passwords, and patterns that we normally use.
Ownership-based authentication is an additional authentication method using a user-owned device. A typical method is to run an application (hereinafter referred to as an app) installed on a smartphone to authenticate during login or to enter a six-digit code received by SMS.
Resource-based authentication uses a user’s biometric properties for authentication, and fingerprint or facial recognition is typical. In the case of facial recognition, in the past there have been cases where it was not possible to distinguish an image from a real face, but recently a way to increase the recognition accuracy by using a 3D camera or an infrared sensor with the camera has been widely used.
The popularity of smartphones has made this method of authentication easier to use. The smartphone’s built-in camera or biometric sensor can be used for authentication. In particular, the two-step authentication associated with an authentication app installed on a smartphone can use all of knowledge-based, ownership-based and resource-based authentication.
Login without password, safer and faster
All three companies will make it possible to sign in to their apps and services in the future, regardless of device, platform or web browser. For example, you can log in to the Google Chrome browser running on Windows through an authenticator app installed on the iPhone.
This built-in authentication feature is expected to be introduced early next year. Microsoft expects this type of connection to provide users with a secure and consistent authentication experience.
“A complete transition to a passwordless world starts with users naturally accepting passwords as part of their lives,” said Alex Simmons, vice president of authentication program management at Microsoft, which has made significant progress in removing passwords. “FIDO-based credentials will be widely used by consumers and business customers.”
“This collaboration is an industry-wide vision to improve online user protection and eliminate outdated password-based authentication methods,” said Mark Richer, senior director of product management at Google and the FIDO Alliance. FIDO Explains- Cross-platform technology including Chrome, Chrome OS, and Android is actively used and offered by app and website developers, and users around the world are aware of the dangers of passwords. We hope you can safely escape the inconvenience.
© “Global Economic Daily in 5 languages” Ajou Economic Daily. Unauthorized reproduction and redistribution prohibited