VIP (Validation ID Protection)

 View Only

The username-password paradigm 

Apr 06, 2015 12:36 PM

Organizations with customer facing applications struggle to create a transparent or “frictionless” user experience and still provide the security needed to safeguard customer’s information.  If users need to type in long cumbersome passwords they complain.  As demonstrated by the backlash Amazon owned Twitch experienced after they told users they needed to recreate their passwords after a recent breach.  

According to a recent Forbes.com article http://onforb.es/1C7MqgC  “some said they couldn’t remember their password, others said when they tried to change their passwords to anything less than 20 characters they weren’t allowed, due to the site’s restrictions.”  One customer told the company on their Facebook page that “if users want to use bad passwords, that’s their problem, not yours”.  Surprisingly, Twitch made the announced it would reduce the limit on minimum password length to eight characters.

This is a classic example of convenience taking precedence over security.  Even though the various kinds of information that could have been comprised would have given a hacker a good chance of stealing a victim’s identity, users would rather have a convenient experience. 

When ask about the Twitch breach, authentication expert Per Thorsheim said “it didn’t make sense to lower the length requirement after a breach”.  The Forbes article concluded with the statement “if any more evidence was needed that the username-password paradigm is a flawed form of authentication, the Twitch breach has provided it”.

Passwords alone are inherently weak but adding security always raises concerns about making the experience too cumbersome and driving away customers.  From its inception Symantec VIP has been focused on providing strong authentication with a user friendly experience.  Many customer facing applications use VIP to provide second factor authentication whether it’s a 6 digit code or a 4-digit PIN.

This month Symantec announces a new release of VIP that will take convenience one step further and eliminated the password for iOS devices that support fingerprint authentication - then all you’ll need is a fingerprint!

Learn more about VIP at http://www.symantec.com/vip

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Oct 12, 2015 12:41 PM

Good Job guys!

Aug 27, 2015 05:45 AM

ok

Jun 07, 2015 11:17 AM

How do I find Verisign?

 

May 11, 2015 02:02 PM

We have multiple documents to be signed daily and might need some help in other services.

Related Entries and Links

No Related Resource entered.