Researchers at Dartmouth College in Hanover, N.H., are urging organizations to eliminate security based on usernames and passwords for stronger identity technologies due to an ongoing study.
The year-long research project, hosted at Dartmouth College's Institute for Security, Technology and Society and funded by the New Hampshire Innovation Research Center, aims to identify weak links, vulnerabilities and economies of scale that have led to an epidemic of data breaches, according to Fosters.com.
Usernames are usually easily guessable and can be quickly connected to an individual's social media accounts, public records and email, exposing his or her information, the researchers found. Even when organizations implement second-factor authentication, the breach rate remains high because it is simply a second mechanism, adding more time but not difficulty, according to the report.
Instead, the researchers recommend implementing security token authentication for online systems or secure mobile apps. The one-time access or limited ports of access prevent a hacker from gaining access to a company's whole system through one user's credentials, according to the report.
The research project is set to conclude June 30, 2015, and will continue to update findings throughout the process, according to the report.