Passwords are becoming a patently inadequate form of security. They’re simply not enough on their own — and why? Because they rely on users to walk a fine line between complexity and memorability.
Unfortunately, most users opt for something that’s more memorable. That means they use weaker passwords that put their data, their systems, and their network at greater risk.
In one analysis, 86% of more than 2 million breached passwords were identical to passwords that had already been breached. How is this possible, if everyone’s passwords are long, complex, and unique?
In reality, they’re not. The top 10 most common and repeatedly breached passwords in this report include:
So, while you could simply try to use more complex passwords (and likely forget them), there’s a better way to protect your network — add a secondary authentication method.
Verification of you by a computer system comes in a few ways:
It’s commonly accepted that conventional password-only authentication is too weak: today’s attackers have readily available tools that guess or crack passwords, and with a password in hand they can get into your system and the data stored on it.
The solution to security on your entire computer system or on your smartphone is a form of secondary authentication — but which method is the best choice for your needs?
Biometrics is a term that refers to measuring unique individual characteristics such as the retina, the iris, fingerprints or even the face. Today, the term is generally used by most people to describe a method for securing computers and stored data requiring a user to undergo a scan of the body part used for recognition.
While many systems use a fingerprint or retinal scan in place of a password, systems that are serious about security often require both a password and a biometric scan before unlocking the computer or device. Common biometric authentication methods include fingerprint identification, voice recognition, retinal and iris scans, and face scanning and recognition.
A token is a physical device that is used to access secure systems. Common forms include a dongle, card, or RFID chip. A token makes it more difficult for a hacker to access an account, since they must have both the login credentials and the tangible device itself, which is much harder for a hacker to obtain.
The fundamental idea behind transaction authentication is context — this method looks for discrepancies when comparing known data about a user with the details of a current transaction.
Consider the security standards applied to your credit card: when you travel internationally, it’s wise to inform your bank of where you’re going, so that transactions outside of your home country do not get flagged. Transaction authentication applies this context-based evaluation of transactions.
An example would be an individual who lives in the United States, but whose large purchases show up while logged in from an IP address overseas. That raises a red flag, and the concern triggers additional verification steps to ensure that the purchase is legitimate and that the user is not the victim of a cyber-crime.
Multi-Factor Authentication (MFA)
When you log in to an account that has MFA enabled, in addition to entering your password, you must either enter a generated code or approve the login with a “push” request sent to a secondary device.
In the event your password is compromised, your account can remain secure, because the cybercriminal cannot satisfy the second factor.
There is a range of options for generating the MFA codes:
The protection that MFA adds allows you to use your passwords for a longer period between password resets. And if your service provider is compromised and your email and password end up in an open database on the web, you will have time to change your password before your individual account is compromised.
ATMs are prime examples of MFA, because you need a card (a physical token) and a PIN (something known) for the transaction to take place.
Out-of-Band Authentication (OOB)
A specific type of MFA, OOB utilizes totally separate channels, like mobile devices, to authenticate transactions that originated on a computer.
Any transaction that moves funds from one place to another, such as a large money transfer, generates a phone call, text message, or app notification saying that more authentication is required before the transaction can be completed. With two separate channels required, it is much more difficult for a hacker to steal money.
Unfortunately, we can’t answer that question for you. Depending on your business, its size, its available security budget, and other specific factors, one may be better for you than another. As a baseline, if you do not have any secondary authentication set up, then you should at least start by enabling MFA on all business accounts where it is offered.
If you would like expert assistance managing any of these methods, contact the Alliance Technology Partners team. Our knowledgeable team members are prepared to help you with any concerns you have.