It’s time for non-password authentication
Scientists have predicted a decade of non-password authentication, which will help solve problems in information security and discourage hackers.
In the last days of 2019, the online community was stirred by video clips of a famous singer appearing on social networks. Security experts said attackers obtained the clips by hacking the singer's personal camera.
The person used an easy-to-guess password for the camera and did not change the password regularly.
The incident reminded people of an event some months earlier, when an account on Raidforums stated it had information about 2 million users of a commercial bank in Vietnam.
Prior to that, an international hacker stated he was holding information about 5 million customers of a mobile phone retail chain, including emails, transaction history and credit cards.
In early 2019, a customer in Hanoi complained that VND39 million had disappeared from his bank account, though his ATM card was still in his pocket.
According to technology experts, criminals might use cameras to secretly record passwords when users log in at ATMs.
Another common trick used by scammers is phishing, in which hackers create fake websites and steal user names and passwords when users log in.
User carelessness is not the only cause of data leaks. The exposure of 419 million Facebook users’ records, including 50 million accounts in Vietnam, is an example.
This is why the FIDO Alliance has called for eliminating passwords. FIDO2 is the newest set of specifications; it asks users to forget the concept of a ‘password’ and authenticate on all systems with an authentication key.
The key can be a physical key or a soft key (on mobile devices). Users only need to authenticate with the key in hand; the key and the server then "talk" using an authentication algorithm to confirm the login. Traditional passwords then no longer have a role and can be removed.
Vietnam has non-password authentication technology. After nine months of research and development, "VinCSS FIDO2 Authenticator" has received its certificate from the FIDO Alliance.
According to Nguyen Phi Kha, R&D director of VinCSS, a subsidiary of Vingroup, when users don’t have passwords, phishing doesn't happen. As the key and server ‘talk’ with the algorithm, there is no user data. Therefore, even if hackers intervene in the ‘talk’, they won’t be able to collect any information.
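The "talk" between key and server is a signed challenge and response. The Go sketch below is an added illustration, not VinCSS or FIDO Alliance code: it is a simplified model rather than the real FIDO2 message format, Ed25519 is an assumed signature scheme, and all names and the two origins are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator models the key in hand: one private key per site, never exported.
type Authenticator map[string]ed25519.PrivateKey

// signedData binds the site's origin to the server's one-time challenge.
func signedData(origin string, challenge []byte) []byte {
	h := sha256.Sum256([]byte(origin))
	return append(h[:], challenge...)
}

// Register makes a key pair for a site; the server stores only the public half.
func (a Authenticator) Register(origin string) ed25519.PublicKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	a[origin] = priv
	return pub
}

// Assert signs for the origin the browser is really on; unknown site, no answer.
func (a Authenticator) Assert(origin string, challenge []byte) []byte {
	if priv, ok := a[origin]; ok {
		return ed25519.Sign(priv, signedData(origin, challenge))
	}
	return nil
}

// Demo returns the server's verdict for a real login, a phishing relay and a replay.
func Demo() (login, phish, replay bool) {
	const site, fake = "https://bank.example", "https://bank-login.example" // constructed
	key := Authenticator{}
	pub := key.Register(site) // the only thing the server stores for this user
	key.Register(fake)        // even if the user once enrolled on the lookalike site
	c1, c2 := make([]byte, 32), make([]byte, 32)
	rand.Read(c1) // fresh random challenge for each login attempt
	rand.Read(c2)
	good := key.Assert(site, c1)
	check := func(c, sig []byte) bool { return ed25519.Verify(pub, signedData(site, c), sig) }
	// The phishing page relays c1, but the key signs for the origin actually shown.
	return check(c1, good), check(c1, key.Assert(fake, c1)), check(c2, good)
}

func main() { fmt.Println(Demo()) }
```

The server never holds a secret it could leak, and a signature made for one origin or one challenge does not verify for another.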
According to Trieu Tran Duc, a security expert, FIDO2 is a complicated standard and not many companies in the world are capable of creating products that meet it. Before Vietnam, only 12 countries made products in accordance with FIDO2 standards.