Password should not be your "password"
The recent Gawker database breach is yet another reminder of the weakness of the traditional "username and password" form of security. Previous database breaches, like this one, have shown that users do not realize how vulnerable they are making themselves and potentially their employers to identity and data theft by using weak passwords.
Steve Ragan of the Tech Herald wrote a story that includes a list of the top 250 passwords used by the Conficker Worm that you can read here. The list of passwords is truly impressive and includes many of the classics such as, "12345," "qwerty" and of course "password." It is surprising and concerning that these passwords continue to be used time and time again.
With the exposure of all of these passwords, we can't help but emphasize the value in providing strong (or two-factor) authentication with solutions like our cloud-based VeriSign Identity Protection (VIP) Authentication Service. Strong authentication can be especially critical to the enterprise where mobile employees, partners and customers are logging in and accessing sensitive data.
As these types of breaches continue, more and more enterprise and consumer users will be put at risk. The "username and password" system is an antiquated system that can't be relied on to protect sensitive information. Additional layers of security are needed to protect users, enterprises and sensitive data and that starts with adding strong authentication.