Most of us understand that ‘123456’ should never be used as a password, but it doesn’t stop lots of people. It’s still the number one choice after years of bad publicity.
Humans are also very good at taking shortcuts, relying on habit, saving time, helping others, sharing logins, trusting colleagues, and reading emails. These are all exploitable characteristics for a hacker. We know better, but most of us also try to be decent people who get along with others. For a scammer, that can be gullible enough.
Security technology has often struggled to keep pace with scammers and hackers. Wherever technology needs to interface with humans, it also needs to be simple or people won’t (or can’t) use it. Unfortunately, these are conflicting requirements – something easy to use, but difficult to hack.
Two-factor authentication (2FA) has been one of the most successful steps forward in balancing the need for a complex security system with the need for it to interface with humans. Security is inherent to the process.
It works because, unlike normal username and password logon processes, 2FA requires a second ‘factor’ or ‘condition’ to be met for a logon to be successful. To log on, you need two unrelated things. Usually, one thing is ‘something you know’ (your PIN or password) and the other is ‘something you have’ or get given (typically a code sent to your phone or, in more ‘traditional’ organisations, a security fob). Two different things make it much less likely that both can be stolen from you.
2FA makes sense
It minimises opportunities for hackers to use human or technical means to compromise your logon through technology because it’s a process which the bank or website forces you to do. It’s a little bit of extra effort, but most of us appreciate its value.
Unfortunately, each of the two factors is still hackable, and 2FA only focuses on the security of the logon process itself. It simply raises the bar.
If you’re reading this, you will have an appreciation for how easily the ‘something you know’ can get stolen – can you find your password in the Ashley Madison hack list? What about Adobe? Target? What’s important is that you don’t use that password elsewhere.
The ‘something you have’ factor is equally vulnerable. A security code (for example) is delivered to you using a pathway of networks and computers that stays fairly consistent over time – you might move locations, but your computer and phone are usually the same. These can be compromised using malware or even physically stolen.
Currently, a fake banking app is targeting major Australian banks and stealing passwords and security codes from Android phones.
Ultimately, the security of the whole logon process relies on a combination of your own computer security, your network security, the session security, your mobile phone security, and the security practices of the organisation whose service you’re trying to access.
The constants in this – your devices, computers and network – are also the most successfully targeted by hackers and scammers, because they can be attacked patiently over a period of time until something works, and because we’re human.
BankVault logically deals with this by shifting all of the potentially vulnerable activity at your end into what is, quite simply, a virtual ‘third factor’—one that isn’t ever there long enough to be hacked.
BankVault builds a new virtual operating system every time, and it doesn’t technically exist on your computer at all.
The constant factors at your end—the ones that can be targeted by hackers—are simply removed from the process.
This eliminates the risk from all types of viruses, keyloggers, spyware, ransomware, remote access software and other common tricks that could exist on your system or your network, and which 2FA doesn’t address.
BankVault launches a new, secure and obscure virtual operating system from a tiny USB that only you have – your own computer’s operating system doesn’t even boot up. Each BankVault environment you create only ever exists once – and it exists only for the time it is being used. You’ll create another unique one again next time. This doesn’t give an attacker the time or the opportunity to target it. You simply can’t hack what isn’t there!
BankVault raises the bar for hackers ridiculously high, without adding the complexity that humans hate so much.
It doesn’t blindly rely on software updates or virus definitions from IT companies and it doesn’t expect people to be perfect.
For anyone who considers two-factor authentication worthwhile (and you should), BankVault plugs a considerable security gap with a logical solution.