Questions over Internet security jumped to the forefront again after hackers infiltrated Mat Honan, a technology journalist's Amazon, Apple, Google, and Twitter accounts.
The hacking has raised many questions and security analysts wonder if Apple's iCloud, Google Apps, Amazon's Cloud Drive, Microsoft's Windows Live and done enough to secure ways to authenticate users.
"People are being urged to trust their data to the Internet cloud, but then you find that the operational security is alarmingly lax," said Stephen Cobb, security analyst, ESET
Honan's digital life was ruined by the hackers and highlights how web companies have been slow to establish better procedures to ascertain the authenticity of online loggers.
There is differing requirements of information asked to access online accounts in industries like banking, media, and commerce. In the case of password resetting, the information asked is too little, making it a easy game for hackers to abuse the existing setup.
Banks and Google gmail offer a multi-factor authentication system, where you are sent a single-use PIN code to your handheld, which is to be used to login to the site along with the username and password before a transaction is completed. This system is difficult for subversion.
The need for wider deployment of stronger systems is getting intensified said Todd Feinman, CEO Identity Finder.
Honan's iPhone, iPad, and MacBook files were wiped clean.
Apple has suspended its phone password-reset service and launched a security review, said Natalie Kerris, spokeswoman Apple.
Web companies are not likely to switch to multi-factor authentication system or one-time PIN systems in the near future. "Many...are expensive and difficult to manage...And companies are concerned they could frustrate the user" said Chris Brennan, CEO NetAuthority.
Consumer awareness about these things is low and consumers must demand for stronger authentication systems and be ready to accept "a slight level of inconvenience," said Gregg Martin of FishNet Security.
While the initiative to such security must come from Web companies argues Cobb. "Improving security is 100 percent the responsibility of the cloud service providers because they are the ones trying to sign people up to the cloud model," he said.
