Heartbleed Killed Passwords. Here’s What’s Next…

The Heartbleed bug has been a big story in information security ever since it was discovered in early April 2014. According to a recent survey, more than 300,000 servers are still vulnerable to Heartbleed. Heartbleed is such a unique and unprecedented threat because it enables attackers to eavesdrop on communications, steal data and impersonate services and users.


One lesson of the Heartbleed bug is that despite everyone's best efforts to keep changing their passwords and use different combinations of letters, numbers and characters, there is increasingly little that people can do to avoid compromises by remote hacks. As hackers and attacks like Heartbleed grow more sophisticated, there may no longer be any such thing as a "safe password."


This article from Inc.com discusses some of the future alternatives to passwords that will likely become more prevalent in order to take power away from hackers and keep people's personal data safe. Here are a few of the upcoming trends in two-factor verification that IT professionals might need to know about (and implement) in the not-too-distant future:


Security in Your Pocket

Instead of relying only on a memorized password, more online services and banks are starting to give customers the option of two-factor verification based on a physical object that the customer has in their possession. One common type of two-factor verification involves signing in from a mobile device by entering a code sent by SMS to the user’s phone. Apps can fill the same role: the Google Authenticator app will automatically generate a security code, and the LaunchKey app will open on the user’s phone, asking the user to swipe the phone to prove that the phone is in their possession. This gives users an extra layer of security by requiring them to have a specific security-related item in their possession in order to get access to their sensitive data.


Hackproof Identity Verification

What if computers, apps and websites could grant access (or not) based not on a password, but by recognizing the faces or voices of the users? According to Inc.com, fingerprint scanners, facial recognition technology and voice biometrics technology are being developed to help systems identify users without relying on passwords. Bionym offers wearable authentication technology called the “Nymi,” which provides the user’s identity via cardiac rhythm recognition, using a person’s heartbeat as a distinct biological fingerprint.


Chip-and-PIN Credit Cards

Another sign of the increasingly widespread adoption of two-factor verification is the expansion of chip-and-PIN credit card technology. This type of credit card technology involves a two-step process of swiping the card (or entering the card number) and then entering an additional PIN. It has been more common in Europe for the past 20 years, but U.S. retailers are starting to adopt it after the December 2013 Target data breach that compromised the credit card information of 40 million customers. With more consumers getting accustomed to using two-step technology when making a credit card purchase, it will likely become easier to introduce other, more secure methods of two-factor verification for other systems.


The era of the password is likely coming to an end, but fortunately there are a variety of technologies coming onto the market that will make it easier to stay one step ahead of hackers and thieves. Information security professionals will need to evaluate which of these authentication solutions is the best fit for their organizations and their users – but hopefully we are reaching a point where it is becoming easier to keep sensitive customer data restricted to only the people who are intended to see it.


