Tuesday, April 12, 2005

Yet another huge ID theft

Lexis Nexis ID theft much worse than thought - Spam, Scams & Viruses - MSNBC.com

I guess it always has to get worse before it gets better. This theft and the Choicepoint theft were done at companies where there is a more vigilant approach to security than most businesses. It points out how vulnerable our systems are even when security is a top priority.

While the company is downplaying the incident claiming that the breach was caused by their legitimate customers allowing their ids and passwords to be stolen, I think the company needs to bear the bulk of the responsibility for the incident. Current estimates put the impacted identities at about 310,000 people. Oops.

I think it's probably time for people to start seriously think about finding a way to require identity verification to access these sensitive systems online. Maybe some of the two factor id systems like the one Verisign is trying to sell need to be investigated.

Unfortunately, these types of systems blow apart the business models of some of the online companies. It can easily add $10 to the cost of acquiring a new customer. Some volume plays (eBay, for example) would have a tough time covering that type of expense and continuing to make money.

Whatever winds up getting developed to help secure systems better, I think it's pretty safe to say that username/password has come near the end of its useful life for sensitive systems.

No comments:

Post a Comment