Hackers are using cheap consumer hardware to crack even the most complex passwords in a matter of seconds, according to tests run by server hosting firm UKFast.
Great that hackers can crack the password. If you - as a countermeasure - implement standard password protection and lock the account after x times entering a wrong password, this will prevent hackers from accessing your account. In most web-based environments this is standard functionality. Or am I thinking too simply?
I'm afraid so. The one-way hash algorithms used by most vendors are well known. Once you obtain the encrypted version of the password, you can use this tool to reverse engineer it into the unencrypted version. Hackers steal the whole password database from servers in their encrypted format and then "reverse engineer" them using tools like this. It's always taken a long time, but now it's becoming faster and easier. The lockout, i.e. 3 attempts and you're out, has no relevance in this.
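As an added illustration (not part of the thread), the sketch below shows why an account lockout does not limit guessing against a stolen hash database: the cost of each offline guess is set only by how the password was stored. It compares one unsalted SHA-256 pass with a per-user salt plus PBKDF2; the iteration count and the sample password are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def fast_unsalted(password):
    """Weak storage: a single unsalted SHA-256 pass, cheap to guess against offline."""
    return hashlib.sha256(password.encode()).digest()


def slow_salted(password, salt=None):
    """Stronger storage: per-user random salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = slow_salted(password, salt)
    return hmac.compare_digest(candidate, stored)


def seconds_per_guess(fn, rounds):
    """Average wall-clock cost of hashing one candidate password."""
    start = time.perf_counter()
    for i in range(rounds):
        fn(f"guess-{i}")
    return (time.perf_counter() - start) / rounds


def compare_costs():
    """Per-guess cost an offline guesser pays under each storage scheme."""
    fixed_salt = b"\x00" * 16  # constructed salt, used only to time the KDF
    fast = seconds_per_guess(fast_unsalted, 20_000)
    slow = seconds_per_guess(lambda p: slow_salted(p, fixed_salt), 3)
    return {"fast": fast, "slow": slow, "ratio": slow / fast}


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Unsalted: two users with the same password share one hash value.
    print("unsalted hashes equal:", fast_unsalted(pw) == fast_unsalted(pw))
    # Salted: the same password stores differently for each user.
    print("salted hashes equal:  ", slow_salted(pw)[1] == slow_salted(pw)[1])
    costs = compare_costs()
    print(f"per-guess cost ratio (slow/fast): {costs['ratio']:.0f}x")
```
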
I think two way authentication is the only way to protect yourself; however, with RSA being hacked, I fear this solution is still not 100% secure with the leading vendor.
© Finextra Research 2013