March 01, 2013
Solution Provider Insights
Daniel Johnson
This year, if you attend any of the signature events made up of our hospitality technology-focused brethren such as the Hospitality Technology Expo in London, the International Hospitality Technology Forum in Lisbon or HITEC in Minneapolis, you’re sure to hear a considerable amount of talk about security and PCI-DSS compliance. This is, of course, nothing new. Whether it be the perennial favorite PCI boot camp (despite its somewhat ominously militaristic title) or perhaps “Securing Guest Information in a World with no Boundaries” (a title that suggests the possibility of a Neverland that is both utopian and nihilistic), the speeches and panel discussions will likely provide attendees of their respective conferences with a status report of our community’s war against the data breach. Many of the discussions will be supported by the latest facts and figures. For example, with the 2013 Data Breach Investigations Report (DBIR) due in March, we look forward to learning if we’ve been able to stem the damaging trends set in 2011 (i.e., 174 million compromised records). And with a report of as many as 855 incidents in 2011, we wonder if we will exceed that number to witness occurrences totaling in the thousands.
Year in and year out, research studies show us how breaches occur. This year, we don’t expect too many surprises. Just as in the past, it’s likely that most breaches utilize some form of hacking. The DBIR 2012 indicated that hacking is “… linked to almost all compromised records. This makes sense, as these threat actions remain the favored tools of external agents, who, as described above, were behind most breaches. Many attacks continue to thwart or circumvent authentication by combining stolen or guessed credentials (to gain access) with backdoors (to retain access).” In 2011, hacking was involved in 89 percent of incidents. While sources at Trustwave have indicated that the hospitality industry has marginally improved its ability to protect itself (now slightly less than 38 percent of all incidents), hackers continue to maneuver around firewalls. They “thwart or circumvent authentication” by stealing or guessing our beloved passwords.
Verizon Business maintains that hackers are “scanning the Internet for easily guessable passwords.” Therefore, Verizon places a high premium on the appropriate management of administrative passwords. In fact, password management is at the very top of its list of security tips. Why? Because the simplicity of our passwords makes hacking simple.
Have you heard that Gizmodo released its list of the 25 Most Popular Passwords for 2012? It was compiled by SplashData, which gathered the data from millions of stolen passwords posted online by hackers. In the top spot, unchanged from last year, was the password “password.” It was trailed in the No. 2 spot by the password “123456”, also maintaining its position from last year’s study. Curiously, the password “monkey” has maintained its spot at No. 6 for the second straight year.
Fortunately, there is what sounds like good news for the hospitality industry. In a January 18 article, Wired magazine reported that tech giant Google is targeting the use of passwords. The company is imagining a way to access accounts (i.e., your Gmail account) and log in to applications by simply tapping your computer with your ring finger. Google’s security team discussed this new authentication method in the January/February 2013 edition of IEEE Security & Privacy magazine. In the article, “Authentication at Scale,” Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay outline multiple techniques for logging into applications. In other words, they’re experimenting with new ways to replace the password, including a Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a user in.
Consider the hotel of the future. Allow yourself to dream of a magical place where the entire IT infrastructure protects our precious data during a stay. The hotelier will have implemented the latest in firewall technology and undoubtedly trained its entire staff on the importance of privacy, security and PCI compliance. Anything less would be naïve and reckless. However, just imagine how soundly we’d all sleep (or web-surf) knowing that the PMS and POS administrators aren’t using “abc123” (No. 4 of Gizmodo’s Top 25 for 2012) or “letmein” (No. 7) as their passwords. They won’t be using those passwords because no one at the property will be using any passwords. That will be because in 2013 innovators declared war on passwords. Now there’s an advertising pitch waiting to happen: Vacation Paradise Package Awaits You! Pristine Beaches, Uber-fast Wi-Fi and No Passwords.
Daniel Johnson provides strategic thinking and innovative solutions as the chief operations officer of the Venza Group.
©2013 Hospitality Upgrade