Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 7th, 2012 in Underground Economy by Simply Security | Be the first to comment | Tags: Underground Economy

Passwords may become an outmoded data security mechanism sooner than expected.

Graphics and mobile processor manufacturer Nvidia has joined the already-extensive list of companies publicly acknowledging a password breach in the past few weeks. While it appears the incident is not quite as serious as originally suspected, it has once again forced security experts to wonder if relying on a password-centric authentication protocol is not a fundamentally flawed approach.

Limited scope, high stakes

Nvidia had been aware of some suspicious behavior taking place in its online forums for several weeks before ultimately informing users last week that an unknown number of account passwords had been obtained and possibly compromised by hackers. The company had diligently scrambled the login credentials using advanced encryption, according to the Associated Press, but officials could not yet pinpoint exactly how many of the nearly 400,000 registered community members were affected.

As investigations continued over the weekend, Nvidia decided to shut down the site before instructing users on next steps.

"We [suspended operations] in response to attacks on the site by unauthorized third parties who may have gained access to hashed passwords," the company wrote in a statement posted to Nvidia Developer Zone. "As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere."

Investigators have now confirmed that approximately 800 community users were affected by incident. While this is certainly good news for the vast majority of developers, the unfortunate few did have their login credentials and separate personal profile information posted online.

According to InformationWeek, hackers have since claimed responsibility for what they are calling the "Apollo Project." It seems the cybercriminals were focused on a select subset of community members and walked away with information on high-profile corporate accounts including ARM, Bloomberg and Honda.

Death of the password?

The Nvidia password breach may seem like a drop in the bucket when compared to recent data security scares encountered by Yahoo, LinkedIn and eHarmony, but it shares many of the same disturbing takeaways. In this case, even Nvidia's superior encryption practices were not enough to keep hackers at bay and user information secure.

As password protection failures continue to pile up in industry headlines, more than a few are calling for a rapid migration to new authentication and access governance protocol. According to the Washington Post, there is still time to fulfill IBM's "death of the password" prophecy, which the tech giant outlined as a top five tech trend to follow in 2012. Alternative solutions such a biometrics are already well into their research and development cycles, and the continued failure of password-centric data protection paradigms may only fuel interest and investment in such technologies.

Data Security News from SimplySecurity.com by Trend Micro