According to the results of a Thycotic survey of more than 250 white hat and black hat hackers at the recent Black Hat Conference in Las Vegas, fully 52 percent of respondents said they would be willing to hack into the iPhone for the FBI in exchange for a fee.
Eighteen percent of respondents would do so for less than $1 million, 10 percent would do it for $1 million to $50 million, and another 23 percent would be willing to hack the iPhone for $50 million to $100 million or more.
Nine percent said they would hack the iPhone for the FBI for free, just to prove they could.
Still, four out of five respondents said Apple was right not to comply with requests to help the FBI access data on the San Bernardino shooter's iPhone.
Ninety-four percent of respondents said they strongly or generally believe that people generally deserve data protection, security and privacy, and two-thirds of respondents don't feel the government has a right to access home computer devices without permission.
At the same time, 77 percent of respondents believe no password is safe from hackers or from the government, and 42 percent believe that the government has been accessing citizens' personal data for years.
Survey respondents offered the following key advice to businesses that want to protect themselves from hackers:
- Limit admin access to systems
- Protect privileged account passwords
- Conduct more IT security awareness training and education
- Limit unknown applications from running on the network
- Protect user passwords with security best practices
"Passwords for end users should be reset, at a minimum, every 30-90 days, and be complex," the Thycotic report states. "Password changes should be audited and performed via a self-service password reset mechanism to ensure your security policy's password complexity requirements are enforced, provide an audit log for compliance, and improve employee experience by greatly reducing help desk calls, empowering end users to take control of their own password resets, and increasing ROI for internal support costs."
A separate survey of 1,119 U.S. residents, conducted by YouGov and sponsored by Mail.com, found that 58 percent of respondents continue to prefer passwords over biometric authentication methods like facial recognition, fingerprint sensors or voice recognition.
Thirty-two percent of respondents said they're concerned about cyber criminals hacking biometric authentication, 22 percent think biometric authentication is only advisable in combination with a PIN code or password, and 30 percent don't think biometric authentication is ready for prime time.
Fully 42 percent of respondents don't want companies to save and use their personal biometric data, and just 9 percent think the use of biometric data is risk-free.
Still, a recent SecureAuth survey of 308 cyber security professionals found that 91 percent of respondents believe the traditional password won't exist in 10 years.