Uber wants to ditch the email-and-password login - here's why
This was a fairly normal occurrence for him, except that he was firmly seated at his office in Madison, Wisconsin, and the Uber on the screen was on the outskirts of London.
The text and email from Uber confirmed his fear: his email and password had been changed.
He was locked out with a $31 bill for the London joyride.
Like my brother, many Uber users have found their accounts taken over since March after stolen account information was posted for sale on the Dark Web.
The company investigated and found no breach in its system. While the spate of London-based account takeovers is ultimately a reflection of poor password management by its users rather than a problem with Uber's security, the company is still working to get ahead of larger-scale account lockouts.
Part of that includes ultimately ditching the email and password system that hackers use in favor of a mobile-first approach.
"Uber is committed to developing security features that go beyond relying on email accounts and passwords for verification," the company told Business Insider. "We are investing in rules engines and machine learning and believe we will be able to create a higher quality experience in the long-run by putting resources into technology solutions."
The machine learning system takes time to train as new types of fraud emerge. The London-based account takeovers meant the company had to add even more rules, the source said.
Uber is also being more aggressive about actively acquiring account information when it's posted on sites like Pastebin and notifying users if their accounts could have been compromised, the source said.
My brother, unfortunately, didn't receive this friendly heads up.
Since the hacker had somehow acquired his login information, he or she was able to go in and update the account information with nothing more than a text sent to my brother telling him to email support if it wasn't him. (Uber has since refunded the trip cost and reinstated his account access.)
To prevent that from happening in the future, Uber is testing two-factor authentication in one market. That means that my brother would have received a text on his phone when the hacker was trying to change his account. He would have realized something was wrong and the hacker never would've gotten to hijack his account.
The recent privacy policy update included language that will help enable two-factor authentication within the application itself, rather than requiring users to go to a separate text message and enter a code, a source said.
"We have been experimenting with two factor authentication in one market, and also exploring alternatives," Uber said. "We may invest more heavily in this area in the future, but given the very limited adoption of second factor authentication on other services, are focusing even more right now on security that will work for all users."