
Next generation authentication: DNA?

I’ve blogged often about the issues of identity, passwords, lack of security and the whole gamut of how mobile internet combined with social media changes everything. Now it’s hit the mainstream media when British Airways magazine has its main front page talking about cybercrime.


The first line gives away the rhythm of the article: “How do
hackers crack a corporation? Their top tool is you.”

The article talks about everything from using a USB
stick, which immediately creates an opportunity for hijacking, to the
vulnerabilities of copying corporate work to your private Gmail account.

Scary stuff, and rightly so.

It also touches upon the commonest passwords used on the
internet, which happened to sync up with a couple of other articles I was
reading recently.

The first talked about the top passwords people use, with the number one password being … ‘password’.

Wanna know the rest?

Well here you go:

1. password 
2. 123456  
3. 12345678 
4. abc123 
5. qwerty 
6. monkey 
7. letmein 
8. dragon 
9. 111111  
10. baseball 
11. iloveyou 
12. trustno1 
13. 1234567 
14. sunshine 
15. master 
16. 123123 
17. welcome 
18. shadow 
19. ashley 
20. football 
21. jesus 
22. michael 
23. ninja     
24. mustang 
25. password1

The second talked about PIN numbers, and they’re pretty
easy to crack too.  Wanna know the #1
PIN?  Yes, it’s ‘1234’.

If that doesn’t work, try anything from ‘0000’ to ‘9999’,
and one of them will probably crack open the vault.  For example, here’s the top
20:

1. 1234
2. 1111  
3. 0000 
4. 1212 
5. 7777 
6. 1004 
7. 2000 
8. 4444  
9. 2222 
10. 6969 
11. 9999 
12. 3333 
13. 5555 
14. 6666 
15. 1122 
16. 1313 
17. 8888 
18. 4321 
19. 2001 
20. 1010 

So it’s pretty obvious that easy-to-remember numbers and words are the order of the day when cracking passwords and PINs.
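
As an added example (not from the article or the magazine piece): a check a service could run when a user sets a password or PIN, refusing the entries listed above and simple disguises of them. The function names, the substitution table and the year rule are assumptions made for this example.

```python
import re

# Lists copied from the article above (top 25 passwords, top 20 PINs).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1",
}
COMMON_PINS = ("1234 1111 0000 1212 7777 1004 2000 4444 2222 6969 "
               "9999 3333 5555 6666 1122 1313 8888 4321 2001 1010").split()

# Assumed look-alike substitutions; a production policy may use a larger table.
LEET = str.maketrans("@4301!$57", "aaeoiisst")


def password_reason(candidate):
    """Return why a new password is rejected, or None if this check passes."""
    low = candidate.lower()
    stem = re.sub(r"[^a-z]+$", "", low)  # drop trailing digits and symbols
    for variant in (low, stem, low.translate(LEET), stem.translate(LEET)):
        if variant in COMMON_PASSWORDS:
            return f"variant of common password '{variant}'"
    return None


def pin_reason(pin):
    """Return why a new 4-digit PIN is rejected, or None if it passes."""
    if not re.fullmatch(r"[0-9]{4}", pin):
        raise ValueError("PIN must be exactly four digits")
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if len(set(pin)) == 1:
        return "same digit repeated"
    if steps in ({1}, {-1}):
        return "sequential run"
    if pin[:2] == pin[2:]:
        return "repeated pair"
    if pin[0] == pin[1] and pin[2] == pin[3]:
        return "doubled digits"
    if pin[:2] in ("19", "20"):  # assumed policy: birth years and recent years
        return "looks like a year"
    if pin in COMMON_PINS:
        return "on the common-PIN list"
    return None


def list_only_pins():
    """PINs from the article that only the list catches, not the pattern rules."""
    return [p for p in COMMON_PINS if pin_reason(p) == "on the common-PIN list"]
```

Of the article’s top 20 PINs, the pattern rules alone catch 19; only ‘1004’ needs the list, which is why a deny-list and structural rules are used together.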

In fact, company systems are also easy to crack, as illustrated by Paul Ducklin of Sophos who cracked open the Philips company databases this year by using the really difficult to find password: ‘Philips’.

Wow!  Such high level security is unheard of and reminds me of my favourite story of Aaron Barr, the head of security at the leading US cybersecurity firm HBGary who got pwned by @Anonymous by using the same username and password for his LinkedIn account and corporate Google account.

Aaron is now on everyone’s z-list, but that doesn’t cut it.

The bottom line is that in today’s world of mobile internet with 24*7 access, passwords are just so 20th century.

We should be using biometrics or something similar.

Personally, my favourite is DNA as it would allow me to spit on my bank and they would welcome me for doing so.

I’m not sure it’ll take off however, as the technology is not quite right yet.


About Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News.


11 comments

  1. Thanks Chris. Who knows….in the days to come…even DNA may be duplicated…..

  2. The casual advocacy of biometrics really has to stop. These technologies are not what they seem.
    Most people get all their understanding of biometrics from science fiction movies, and vendors do bugger-all to round out the public’s understanding. There’s an amazing double standard where the truism that there is no perfect security gets shoved aside by unquestioned assumptions of biometrics being “unique” (they’re just not).
    But with a few moments’ reflection even lay people spot one of the fatal flaws: a biometric cannot be cancelled and reissued in the event it is stolen. With a little more time, business people can get a handle on crucial practical matters like the security-convenience tradeoff, the reality of Reverse Engineering (so much for biometrics being ‘impossible to forge’ as many vendors claim) and the inherent difficulty of card-less biometric ATMs (which will occasionally commit a False Match and thus give you access to someone else’s money).
    So please, you shouldn’t even joke about DNA as a biometric.
    More at
    http://lockstep.com.au/blog/2012/10/20/biometrics-and-privacy-basics
    http://lockstep.com.au/blog/2012/05/06/biometrics-must-be-fallible

  3. Raghavan quipped “in the days to come, even DNA may be duplicated”. Indeed! Pluck someone’s hair, or even shake their hand, and you’ve got enough of their DNA to spoof them.
    Truly, of all the biometrics, DNA has to be the craziest.

  4. Next generation authentication will be… (drumroll) your mobile phone. It’s something you know, you have, you are.

  11. So, once you give your DNA, everyone knows it, can replicate it and reuse it in whatever way they could think?
