A Russian crime ring has amassed the largest known collection of stolen Internet credentials, and according to Symatec, this highlights the limitations of passwords.
While the scale of the crime was surprising for Pacific region specialist solutions director, Sean Kopelke, he admits the act itself is nothing new.
“We’re starting to see every day a new breach being mentioned in the media, so it’s not a surprise there was a breach,” he said.
Instead, Kopelke said what caught a lot of people off-guard was the size of it.
“People are talking about 4.5 billion records, of which 1.2 billion is unique user names and passwords, which are both big numbers,” he said.
More than anything, Kopelke said the crime emphasised the shortcoming of passwords.
“The conversation is less about the breach, which we know has happened, but more around the limitations of password infrastructure we have today,” he said.
A password-less future
Symantec foresees password-less authentication being the next logical step in combating these types of breaches.
“We all know the challenges of passwords, as we have too many of them and there are so many systems we need to connect into today,” Kopelke said.
Despite the continued warnings of security vendors, many people continue to re-use their passwords.
“It shows the structure of putting in a user name and password is very limited,” Kopelke said.
Although two factor authentication is not a new topic, Kopelke said some “interesting developments” are taking place in that space.
Read more: Still not enough market demand for Windows 8 apps: Bitdefender
“Biometric two factor authentication is being talked about now, and we’ve already started to see that in the consumer market with fingerprint readers on iOS devices,” he said.
“Samsung is also talking about having eye or face recognition on their devices.”
Research from Cambridge has also caught Kopelke’s interest, particularly in detecting behaviours and the uniqueness of the way people interact on their device.
These behaviours are being tracked by researchers to see if they can be a factor for authentication.
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.
