Warning!: This site uses JavaScript, but it appears that your browser has JavaScript turned off, so this site will not work as expected. To resolve this please enable JavaScript and restart your web browser.

Date: Jun 06, 2012

Aseem Asthana, Director of Product Management Celestix

The spate of bad security news continues unabated. This morning about 6.5 million LinkedIn passwords were reportedly stolen. The file containing the passwords was posted on a web site. While most of the passwords were secured using a one-way hash, with fast machines and a brute force approach it is possible to recover them.

For users, this is pretty bad on a number of fronts. At the least our LinkedIn information is vulnerable to unauthorized use. However, most people have a few passwords and they use those passwords on different sites. This means that anyone who has your password can potentially misuse it on other popular sites like Facebook, Gmail, Groupon or worse, your bank.

For application developers this is a sign to think about security from the ground up – not that another one is needed. Passwords are vulnerable since users write them down, or worse reuse passwords. There is nothing that can be done to change that basic aspect of human nature. However, it means that even if the passwords are NOT stolen from your site, hackers will try to use passwords they might have gotten from another website – compromising your users security. So what can you do to prevent losses and secure your users? Augment the password (which is something that the user knows) with something they have – like a security token, or a One Time Password(OTP), that is generated based on a unique code.

With two-factor authentication, your users will have to enter their regular password as well as the OTP. So even if the users' password is compromised, the hacker won't be able to use it since they won't have the OTP. If the hacker tries to use the password that they obtained from another site on your site, you would still be protecting your users since your site would require a second form of authentication. Now you might be wondering if this is any good since the users will have to carry a special device to generate the OTPs. Tokens can be generated on smartphones so users don't have to carry any additional devices.

Protecting logins with two-factor authentication is a secure way to protect passwords as well as ensure stolen passwords are not reused on your website or application.

Celestix Networks is the leader in two-factor authentication with support for generating tokens on all smartphones, desktops and laptops as well hard tokens when needed. Contact us to learn more about Celestix HOTPin.

Back

Products	Solutions	Company	Partners	Support	Contact us	Follow Celestix
WSA Series	SMB	Board of Directors	Partner program	Log a ticket
MSA Series	Education	Management team	OEM program	Support programs
HOTPin	Government	Events	Partner registration	Knowledge base		Blog
FGX Series	Healthcare	News		Warranty information
	Legal and financial	Contact details		Software updates
	Commercial sector	Careers		Training
	Service providers			End of Life policy
				Technical library
				Professional services

Forefront security

Two-factor authentication

Unified threat management

6.5 million LinkedIn passwords reportedly stolen