Tuesday, May 07, 2013

Websites create honeypot accounts and multiple pw's to bemuse hackers

Dan Goodin of Ars Technica is reporting on a new proposal for how websites that store user passwords can increase security. This would apply to both social media and financial institutions. The link is here.
The idea is twofold. One part is to create dummy “honeypot” users to attract and trap hackers. The other is to store more than one password on a user’s account. A hacker would not know which password could actually open an account even if he cracked one of them.
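As an added illustration (not code from the article or from the proposal it reports on), here is a minimal sketch of both ideas: decoy passwords stored beside the real one, and a dummy honeypot account whose use always raises an alarm. The class and function names, the sample accounts and passwords, and the choice to keep the real password's position on a separate system are assumptions of this example.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DecoyPasswordStore:
    def __init__(self):
        self.accounts = {}    # user -> (salt, [hash, ...]): what a database thief sees
        # Assumption: position of the real hash is kept on a separate system.
        self.real_index = {}  # honeypot users have no entry here
        self.alerts = []      # (user, reason) records for the security team

    def enroll(self, user, real_password, decoys):
        """Store the real password shuffled in among decoys."""
        words = [real_password, *decoys]
        secrets.SystemRandom().shuffle(words)
        salt = os.urandom(16)
        self.accounts[user] = (salt, [_hash(w, salt) for w in words])
        self.real_index[user] = words.index(real_password)

    def add_honeypot_user(self, user, passwords):
        """Dummy account: nobody legitimate ever logs in to it."""
        salt = os.urandom(16)
        self.accounts[user] = (salt, [_hash(w, salt) for w in passwords])

    def login(self, user, attempt):
        """Return 'ok', 'denied' (ordinary wrong password) or 'alarm'."""
        if user not in self.accounts:
            return "denied"
        salt, hashes = self.accounts[user]
        candidate = _hash(attempt, salt)
        matches = [i for i, h in enumerate(hashes) if hmac.compare_digest(h, candidate)]
        if not matches:
            return "denied"
        if self.real_index.get(user) == matches[0]:
            return "ok"
        # A decoy or honeypot password is only learned by cracking stolen hashes.
        self.alerts.append((user, "decoy password used"))
        return "alarm"

def demo():
    # Constructed sample accounts and passwords.
    store = DecoyPasswordStore()
    store.enroll("alice", "tulip-84-river", ["tulip-48-delta", "maple-84-river"])
    store.add_honeypot_user("backup_admin", ["winter2013"])
    attempts = [("alice", "tulip-84-river"), ("alice", "maple-84-river"),
                ("alice", "wrong"), ("backup_admin", "winter2013")]
    return [store.login(u, p) for u, p in attempts], store.alerts
```

An ordinary mistyped password is simply denied, so the alarm fires only when a stored decoy is presented, which is the signal that the password table has likely been stolen and cracked.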

This might be more important for mobile devices. When they are stolen, the thief would often have access to all accounts in use on the smartphone. As noted, mobile banking and social networking limit the effectiveness of 2-step verification so useful with laptops and regular (especially work) computers.
Banks could also improve security by limiting the size of possible withdrawals on any debit card within any 24-hour period.

