With the new year underway, I thought it would be interesting to make some predictions about what will happen with web and mobile authentication in 2012. Here are five predictions for authentication trends in 2012 and even some specific security attacks that could occur this year.
1. BYOMD (bring your own mobile device) will spell big trouble for businesses in terms of data loss in 2012.
Employees and contractors are increasingly bringing their personal smartphones and tablets to work and using the devices for a blend of personal and business-related activities. 2012 will bring even more of this, and we'll see a few high-profile incidents of enterprise data loss resulting from allowing employees to connect their personal mobile devices to the company network without proper security protocols in place.
The end result will be more businesses enforcing stricter authentication and security policies, particularly with regard to what information can be accessed, used and stored on mobile devices.
2. There will be a large data breach (reminiscent of the Sony online gaming breach of 2011) which will finally cause organizations across many industries to realize they cannot rely solely on passwords to protect user accounts.
In 2011 we saw several large data breaches including the Sony breach that leaked more than 100 million credentials online and the Gawker breach that leaked more than one million. In both instances, the breaches caused a domino effect to spread across the web. Knowing that many people use the same username and password on multiple websites, fraudsters used the leaked credentials to access accounts on many other, unrelated websites. Sites like Amazon and LinkedIn had to force wide-scale password resets for their users, to prevent further fraud.
In 2012 we anticipate there will be another large-scale security breach as a result of weak credentials and poor authentication standards on websites. We anticipate that a dramatic increase in the number and severity of such data breaches will finally bring an end to the use of a single text password as the de facto standard for authentication on the web.
Many popular sites such as LinkedIn, Amazon and Mint.com store large amounts of personal details and financial information, and rely only on a static password for authentication. 2012 will be the year we finally start to see a large number of organizations in gaming, healthcare, education, retail and social networking start to adopt multiple layers of authentication and multifactor authentication to protect user accounts.