When it comes to web security, people are always the weakest link. Hackers hardly ever crack a password because it is easier to dupe people into revealing it by employing a range of social engineering techniques.
Sound familiar? This is why phishing emails were born, and they are one of the greatest threats to our personal security on the web.
So how, as a web designer or developer, can you stop your users from falling for these kinds of things? First and foremost is education, then usability.
Usability in security is key – how many times have you ‘failed to enter the correct code’ on a captcha or similar bot-prevention system when you want to log in somewhere?
As a developer, use email addresses instead of usernames and allow passphrases (like your WEP wireless passphrase), not just passwords. Help your users remember their passphrase by making it the first letter of each word in a sentence, so “My cat Luna is on a diet and has lost 4 pounds!” becomes something like “McLioadahl4p!” – note the capitalisation, number and symbol.
But, as I said above, this information can still be captured on a phishing site and used.
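To show what that advice looks like in a signup form, here is an added Python example (not code from the original post). It builds the first-letter mnemonic the post describes, applies a passphrase policy that favours length over forced complexity so a plain sentence is accepted, and normalises an email address for use as the login identifier. The deny list, the 12/20-character thresholds and the email regex are my own assumptions, not anything the post specifies.

```python
import re

# Constructed deny-list standing in for a real breached-password list (assumption).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}

# Deliberately loose shape check: something@something.tld (assumption, not a full RFC 5322 parser).
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def mnemonic_from_sentence(sentence: str) -> str:
    """Turn a memorable sentence into the post's style of passphrase:
    first character of each word, keeping a trailing punctuation mark."""
    words = sentence.split()
    initials = "".join(word[0] for word in words)
    if sentence and not sentence[-1].isalnum():
        initials += sentence[-1]  # e.g. the "!" from "pounds!"
    return initials


def passphrase_problems(passphrase: str) -> list:
    """Return the reasons a passphrase is rejected (empty list means accepted).

    Length is the main defence: 20+ characters of any kind are accepted, so a plain
    sentence works; shorter entries must mix at least three character classes.
    The thresholds are this example's choice, not the post's."""
    problems = []
    if len(passphrase) < 12:
        problems.append("shorter than 12 characters")
    classes = sum(
        bool(re.search(pattern, passphrase))
        for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    )
    if len(passphrase) < 20 and classes < 3:
        problems.append("under 20 characters with fewer than 3 character classes")
    if passphrase.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password deny list")
    return problems


def normalize_email(raw: str):
    """Use the email address as the login identifier: trim, lowercase, basic shape check.
    Lowercasing the local part is a usability choice so users cannot lock themselves
    out with a stray capital. Returns None when the value cannot be an address."""
    candidate = raw.strip().lower()
    return candidate if EMAIL_RE.match(candidate) else None


if __name__ == "__main__":
    sentence = "My cat Luna is on a diet and has lost 4 pounds!"
    pw = mnemonic_from_sentence(sentence)
    print(pw, passphrase_problems(pw))
    print(passphrase_problems("password"))
    print(normalize_email("  Alice@Example.COM "))
```

The policy accepts the post's own “McLioadahl4p!” (13 characters, four classes) and also a 24-character sentence with no digits or capitals, while “password” fails on length, class mix and the deny list at once, which is the kind of feedback worth showing users rather than a bare “invalid password”.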
What is the future of security then?
Well, the actual human should always be central to the whole authentication process. Banks and online financial systems are increasingly using random number generators on a key fob (your keyring might get a bit heavy if you have two or three of these…), so that even if the user enters details on a phishing site, the random number will have changed to protect the user.
They call the devices random number generators, but there is a pattern – though for any pattern to be ascertained, like a graph, you will need at least 3 points of reference (so you have to dupe the same customer three times), and this increases depending on the number of digits used.
Suddenly, getting the bank information off the average Joe earning £20K a year becomes more expensive than the rewards the scam would reap.
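To make the key-fob idea concrete, here is an added Python example, not code from the post or from any bank. It assumes the fob and the server share a secret and step through counter-based codes as in RFC 4226 (HOTP); the secret, the look-ahead window of five and the `FobVerifier` design are this example's assumptions. It shows why a code that ends up on a phishing page is only good once: the server consumes each counter as it accepts a code, so a replay of that code is rejected and the next login needs whatever the fob shows now.

```python
import hashlib
import hmac
import struct

# Constructed shared secret for the demo (the RFC 4226 test-vector secret); a real fob
# holds a per-device secret that never leaves it.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class FobVerifier:
    """Server-side check for one user's fob (assumed design, not any bank's code).

    The server remembers the highest counter it has accepted and only looks a few
    steps ahead, so a code that has already been consumed can never be accepted again.
    """

    def __init__(self, secret: bytes, look_ahead: int = 5) -> None:
        self.secret = secret
        self.look_ahead = look_ahead
        self.last_counter = -1  # nothing accepted yet

    def verify(self, code: str) -> bool:
        start = self.last_counter + 1
        for counter in range(start, start + self.look_ahead):
            # constant-time comparison so timing does not leak which digits matched
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter  # consume this and every earlier counter
                return True
        return False


def replay_demo() -> tuple:
    """Walk through the scenario from the post.

    Returns (first_use, replay, next_code, far_code):
      first_use  - the code currently on the fob is accepted once
      replay     - the same code, captured earlier and resubmitted, is rejected
      next_code  - the fob has moved on and the new code is accepted
      far_code   - a code far beyond the look-ahead window is rejected
    """
    server = FobVerifier(DEMO_SECRET)
    current = hotp(DEMO_SECRET, 0)
    first_use = server.verify(current)
    replay = server.verify(current)
    next_code = server.verify(hotp(DEMO_SECRET, 1))
    far_code = server.verify(hotp(DEMO_SECRET, 50))
    return first_use, replay, next_code, far_code


if __name__ == "__main__":
    print(replay_demo())  # (True, False, True, False)
```

The caveat a defender should keep in mind: single-use codes stop replay, but a phishing page that relays the code to the real site within the window still gets one login, which is why banks pair the fob with transaction-specific confirmation and short code validity.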
Biometrics is of course the sci-fi technology that we are starting to see – simple to use, and only if you are playing ‘Mission Impossible’ would this be tampered with.
Most of us are at risk from casual, low-level financial fraud attempts, which are the most prolific.
So just remember, HMRC will not email you saying that you have a tax refund, and you didn’t have a rich Nigerian uncle who left you millions. If it is too good to be true, then it probably is!
*Please note Luna has not lost 4 lbs; this is a day I wish for! It’s like starving your granny – never let your cat get fat.