Academics create new “anti-phishing” technology – electronic identity cards which allow secure access to websites, and which could simplify access for people less used to the Internet.
The technology was devised at London’s Royal Holloway University, and is designed to protect against phishing and password theft attacks. The academics point to statistics which show that password thefts rose 300% from 2011-2012.
The new system, called Uni-IDM, will enable people to create electronic identity cards for each website they access. These are then securely stored, allowing owners to simply click on the card when they want to log back in – knowing the data will be sent to the correct place.
It is designed, the academics say to provide an “easy way” to cope with the increasing number of websites that offer more secure login systems, offering a helpful and uniform way of using these.
“We have known for a long time that the username and password system is problematic and very insecure, proving a headache for even the largest websites,” says Professor Chris Mitchell from Royal Holloway’s Information Security Group. “LinkedIn was hacked, and over six million stolen user passwords were then posted on a website used by Russian cybercriminals; Facebook admitted in 2011 that 600,000 of its user accounts were being compromised every single day.”
“Despite this, username and password remains the dominant technology, and while large corporations have been able to employ more secure methods, attempts to provide homes with similar protection have been unsuccessful, except in a few cases such as online banking. The hope is that our technology will finally make it possible to provide more sophisticated technology to protect all internet users.”
The system is simpler than current options, Mitchell says, offering people who have little experience of using the internet a way to access the growing number government services going online, such as tax and benefits claims.
ESET Senior Research Fellow David Harley warns that phishing emails are evolving rapidly to become more convincing in a detailed blog post here.Crucially, such emails are often getting through to inboxes of well-defended mail services – meaning that they may find a fresh audience.
Harley says, “Right now malware and phishing forms apparently from reputable companies seem to be particularly successful at getting through mail services with exceptionally good filtering.”
Author Rob Waugh, We Live Security