Passwords are so passé

The Green Sheet: March 23, 2020

Most mobile app users know passwords alone are insufficient protection against automated attacks, but old habits die hard. The recent attack on J. Crew is one more wake-up call in a litany of worst case scenarios that highlight the need for multilayered security, according to Jason Kent, hacker in residence at Cequence Security. Kent told The Green Sheet that he sees automated attacks on mobile applications every day.

These attacks typically throw massive swaths of usernames against an application to see if the application prompts for a password. When the app recognizes a username, hackers begin the second attack phase by trying different password combinations. "Eventually the attacker learns the usernames and passwords of several accounts and in the next phase they attack," Kent said. "Both the testing and the attack are noisy but often we find organizations aren't instrumented to see the testing and attack phases."

As mobile app adoption grows, we need stronger authentication methods. A recent Harris Poll conducted by Ondot Systems showed 64 percent of U.S. consumers believe technology companies can significantly improve financial products and services. Survey respondents between the ages of 18 and 44 would consider purchasing a financial product from a tech company for the following reasons: tech companies make products that are more convenient to use (35 percent), have built-in tools to control budget/spending (30 percent) and provide better technology/digital features (28 percent).

"Technology companies have spent years and billions of dollars designing customer-centric platforms that deliver an easy user experience, Apple Card's instant issuance feature being a recent example," said Vaduvur Bharghavan, CEO of Ondot Systems. "As a result, consumers have incredibly high expectations of the companies with which they do business, including financial institutions." [Read the article in The Green Sheet...]