Malicious software known as the Kneber botnet was discovered to have hacked more than 75,000 computer systems in 2500 companies and organizations around the world.  The Kneber botnet is the largest known cybersecurity breech damaging the integrity of personal, corporate, and government information systems.

Kneber botnet attacks started in late 2008 on both government and private sector systems, collecting personal login information to various private and public systems, including social networks, financial systems, and e-mail systems. Quoted in the New York Times Amit Yoran, a security expert with NetWitness stated, “Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations around the globe.”

If there is a lesson to learn from this attack, it is the era of usernames and passwords is over.  Usernames and passwords are not secure enough to protect our sensitive personal, corporate, or government data. As this attack shows, malicious software can collect passwords without detection for years.  While experts do not know what happened to the login credentials stolen, chances are criminals attempting to use the compromised credentials, might still be in luck. Usernames and passwords only offer single-factor authentication, something you know.   As clearly illustrated in this case a second factor of authentication would render the information obtained by the Kneber botnet useless.

Two-factor authentication provides a significantly stronger security and privacy protection when accessing various online accounts and systems. Two factor authentication requires an individual to have a card or token and know an associated password. Using two-factor authentication will protect our information and all our online transactions - from logging into Facebook to bank accounts and even to corporate security systems. Kneber botnet proves usernames and passwords belong on the ash-heap of history.