ReadWriteWeb

High profile security breaches into cloud-based applications like GMail and Google Apps serve to remind us that when people and companies stores all their information "out there" then security measures are of critical importance.

In most cases the security breaches are "front door" attacks where a hacker has exploited a weak password or the password recovery process. "Security Breach" has many connotations: an insecure applications, unpatched servers, back-doors or inside jobs. But where a hacker exploits a weak password or a user's use of a favourite password across multiple sites, who is to blame? Perhaps the only failing in such circumstances is that the application allowed a weak password, or rather that it used single-factor authentication.

Single sign-on may seem like a service whose time has past. Meant to provide access to multiple resources through one set of credentials, it initially seemed like a godsend for enterprise I.T. At least, until reality set in. Soon people realized that single sign-on was difficult to set up, risky if not paired with other strong authentication mechanisms, and darned near impossible in real life use cases - so much so, in fact, that some people now prefer the term "reduced sign-on" instead. For the end user - the very person the whole system was supposed to help - SSO was never really that convenient either. But that may be about to change, and all thanks to the cloud and a service called myOneLogin.

The arms race between spammers, bots and publishers can drive the rest of us crazy too, and nowhere is that more evident than in the often maddening CAPTCHA challenges we have to jump through on many websites. Those squiggly lines run together and are too often impossible to identify. One company in Portland, Oregon believes their system of image based authentication could be used to replace traditional CAPTCHA systems.

Vidoop is a user authentication service provider that emphasizes financial services markets and OpenID. The company's core product lets users log in to sites by entering letters and numbers on top of images in a chart that only a human eye can identify; now Vidoop thinks it can apply the same principle to CAPTCHA. It's an intriguing possibility, as you can see below. It's not without controversy, however.

A new survey from Gartner Research delivers some bad news regarding our online security practices: two-thirds of U.S. consumers use the same one or two passwords for all the websites they access. And they like it that way. Although people claim they're concerned about security, they still tend to use unsafe password management techniques rather than exploring new methods - be they new hardware, software, or new authentication frameworks like OpenID.

A company who believes they have the solution to our online security woes is Yubico, makers of a small USB dongle known as the Yubikey. This ingenious authentication solution can be combined with OpenID or other third party web sites to provide secure authentication on the web.

Authentication is an area of security that is more important than ever, especially since we're now using the web to access all sorts of private data, from personal communications to online banking sites. Yet as those services become more sophisticated and complex, so do the techniques used by criminals wanting access to our private information. Although many of these sites force you to create strong passwords, a password alone is not your best defense against identity thieves. For the best security, multi-factor authentication is needed, and that's what Yubikey provides.