Certivox: “The Death of the Username and Password”

(Ping! Zine Web Tech Magazine) – CertiVox, a leading provider of web 2.0 security services, today announced the publication of exclusive new research for Parallels Summit 2013, in a paper entitled The Death of Username and Password.

The paper, which uses ten “Truths” to illustrate the vulnerability of username and password and its unsuitability for single sign-on, also argues the case for more robust authentication, based on two-factor and multi-factor models, with mobile capability. The content of the paper is drawn from real-world examples and attributed research carried out across many sources, including Experian, Wired, the Information Commissioner’s Office (ICO), the Federal Financial Institutions Examination Council (FFIEC), Microsoft, and others.

The Death of Username and Password assembles some shocking and disturbing examples of the legacy of vulnerability that the username/password-driven internet has created. Here is just a foretaste:

  • A security breach at Yahoo showed that thousands of users’ passwords were either “password”, “welcome”, “123456” or “ninja”. People routinely choose terribly insecure passwords!
  • Governments choose insecure passwords, too; at the height of the Cold War, the secret unlocking code for America’s nuclear missiles was “00000000”!
  • 64% of end users report that they have written down their password at least once
  • 70% of people do not use a unique password for each website
  • Data breaches and offences in 2012 resulted in fines worth millions, across US and UK businesses and organisations in the Financial, Insurance, Legal, Government, and Healthcare sectors
  • Your passport details will sell online for as little as $20. Your credit card details will go for between $1 and $3

Brian Spector, CEO, CertiVox, said “This is not a technical paper – it’s an impassioned, argumentative, occasionally humorous call to action, backed up with many real-world examples. We wanted to give readers a real jolt, regardless of their business or technical expertise, and show them the consequences of believing that username and password is somehow the best that our world can hope for. It’s not, it has no reason to be, and at the Parallels Summit we are concretely demonstrating why.”

The paper can be downloaded from https://certivox.com/death-username-password/

CertiVox activities – Parallels Summit 2013

You can visit CertiVox during the event on Booth 704.  The following events, involving CertiVox, will also be taking place at the Parallels Summit 2013:

  • Technology Partner Panel at Analyst Day, Feb 4, 11:45-12:30pm. Room: Pompeian 1This is a private pre-day event only with analysts and press. Other panellists will be Microsoft, Cisco, and EMC Mozy. There will be around 30 industry analysts in the audience, including Gartner, IDC, Forrester and 451 Group
  • Technical Track – 4th Feb  between  08:15-17:00 – APS 2.0 Developer boot-camp training for ISVs & SIs. Gene Myers (CertiVox) will be available to answer delegates’ questions on SSO
  • Partner Theatre –  5th Feb  at 12:45 – Growing Your Revenues with Single Sign-On, Multi-Factor Authentication for the Cloud and Mobile  – Frank Boening (CertiVox)
  • Developer Track – 6th Feb at 10:30 – Extending APS packages with Single Sign-On – Brian Spector and Gene Myers (CertiVox)

About CertiVox

CertiVox is a leading web security company that provides authentication and encryption-based SaaS (software as a service) solutions to government, enterprises and individuals. It helps them to simply and cost-effectively secure and manage their information exchange, including messages and files. It also enables device and software developers to secure and protect their cloud based products, with confidence. For more information, visit www.CertiVox.com