New technology protects against password theft and phishing attacks

Aug 20, 2013

New technology launched today by Royal Holloway University, will help protect people from the cyber attack known as "phishing," believed to have affected 37.3 million of us last year, and from online password theft, which rose by 300% during 2012-13.

Phishing involves cyber criminals creating that look like real ones and luring users into entering their login details, and sometimes personal and financial information. In recent months, the Syrian Electronic Army (SEA) has successfully launched phishing attacks against employees of the Financial Times to enable them to post material to its website, and mass attacks were launched within Iran using a fake Google email, shortly before the elections.

Scientists from Royal Holloway have devised a new system called Uni-IDM which will enable people to create electronic identity cards for each website they access. These are then securely stored, allowing owners to simply click on the card when they want to log back in, safe in the knowledge that the data will only be sent to the authentic website. A key feature of the technology is that it is able to recognise the increasing number of websites that offer more secure login systems and present people with a helpful and uniform way of using these.

"We have known for a long time that the username and password system is problematic and very insecure, proving a headache for even the largest websites. LinkedIn was hacked, and over six million stolen user passwords were then posted on a website used by Russian ; Facebook admitted in 2011 that 600,000 of its were being compromised every single day," said Professor Chris Mitchell from Royal Holloway's Information Security Group.

"Despite this, username and password remains the dominant technology, and while have been able to employ more secure methods, attempts to provide homes with similar protection have been unsuccessful, except in a few cases such as online banking. The hope is that our technology will finally make it possible to provide more sophisticated technology to protect all internet users."

Uni-IDM is also expected to offer a solution for people who will need to access the growing number government services going online, such as tax and benefits claims. The system will provide a secure space for these new users, many of whom may have little experience using the internet.

Explore further: UN moves to strengthen digital privacy (Update)

More information: More information is available from: www.chrismitchell.net/Papers/aucbim.pdf

Related Stories

Password breach spreads beyond LinkedIn

Jun 07, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network. ...

'Phishing' scams explode worldwide, researchers shows

Jun 21, 2013

Those insidious email scams known as phishing, in which a hacker uses a disguised address to get an Internet user to install malware, rose 87 percent worldwide in the past year, a security firm said Friday.

Recommended for you

UN moves to strengthen digital privacy (Update)

9 hours ago

The United Nations on Tuesday adopted a resolution on protecting digital privacy that for the first time urged governments to offer redress to citizens targeted by mass surveillance.

Spotify turns up volume as losses fall

9 hours ago

The world's biggest music streaming service, Spotify, announced Tuesday its revenue grew by 74 percent in 2013 while net losses shrank by one third, in a year of spectacular expansion.

Virtual money and user's identity

16 hours ago

Bitcoin is the new money: minted and exchanged on the Internet. Faster and cheaper than a bank, the service is attracting attention from all over the world. But a big question remains: are the transactions ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

kochevnik
1 / 5 (2) Aug 20, 2013
SSL certs already provide this capability and have since the invention of the SSL web encryption. For some reason cert management software never became popular
megmaltese
1.7 / 5 (6) Aug 21, 2013
Sorry but... what is this new technology? No description in the article... what is this article all about???
DarkHorse66
not rated yet Aug 21, 2013
Sorry but... what is this new technology? No description in the article... what is this article all about???


"Scientists from Royal Holloway have devised a new system called Uni-IDM which will enable people to create "electronic identity cards" for each website they access. These are then securely stored, allowing owners to simply click on the card when they want to log back in, safe in the knowledge that the data will only be sent to the authentic website."

(additional quotes=mine, to highlight) I think that they mean software technology. They are certainly referring to it as such here: "Despite this, username and password remains the dominant technology,..."
So no card for your (real world) wallet...
Cheers, DH66

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.