The Password is Dead: Introducing MFA


As luck would have it, “password12345” just isn’t cutting it for account security anymore. The password is dead: more and more headlines are using this phrase to describe severe security issues with the average password. It’s true that bigger and bolder hacks have recently put billions of passwords out there – a major risk for your online security. But why is this a problem with the passwords themselves? Actually, it isn’t — the problem lies with people.

 

Most people make four major mistakes with their passwords

1. We make easy-to-guess passwords

The top five passwords in 2018, which have changed very little in the past five years, are all variations of the number sequence 1 through 8, or are simply the word “Password” or the string of keys “qwerty.” Many people use their birth date or the names of family members within their passwords as an easy way to remember them – but if a hacker has this basic information, guessing your password is a piece of cake.

 

2. We keep the same password(s) for a long time

68% of people are using a password that is five years old or older. So if some long-forgotten site you signed up for is hacked, and you’re still using the same password, hackers can use it to log into more of your accounts.

 

3. We don’t use enough passwords

54% of people use five or fewer passwords across all of their accounts. If one of these passwords falls into the wrong hands, all of your accounts are in danger. This is why the hacking of a single site, like Yahoo’s 2014 hack, can be so serious – most of those passwords were (and probably still are) used on other sites, including accounts with sensitive information.

 

4. We use passwords in unsafe ways

This can range from logging into an account over free public WiFi that’s not secured to using your own WiFi when a discovered vulnerability has not been fixed.

All of these mistakes add up to one larger mistake: not using MFA (multi-factor authentication). MFA is the method of using more than one security measure to confirm you are who you say you are. In a world of remote access, it’s the single barrier we have between weak passwords and opportunistic hackers. There are different types of authentication; the following are the key, widely used methods:

 

Knowledge based authentication

Using a PIN or “secret question” that you enter alongside your password. These are subject to the same vulnerabilities as your password, but are still something that can be used in conjunction with a password.

 

Biometric data

Like fingerprint scans or facial recognition. These are typically very secure, but can sometimes be difficult to use (think about all the times your phone didn’t read your fingerprint properly – or whether you even use the fingerprint scan on your phone in the first place!).

 

Security tokens

The most widely used secondary authentication. The most common form uses your smartphone to generate a unique, random password when you are logging into your account. It’s highly unlikely a hacker has access to both your account information and your physical smartphone, while it’s highly likely you have your phone with you, which is why this is such a popular option.

Multifactor authentication is important for both business and personal use. In your business, it allows for remote access away from the office while still keeping company information secure. Personal use protects an individual’s security, but given the previously discussed nature of passwords, it’s also incredibly helpful for a business to prevent one personal hacking incident from impacting the entire office. Multi-factor is easy to implement and cheap (Google Authenticator is free, although it has no centralized administration and is probably not a good choice for a business setting).

Here at Integris, we strongly encourage that all of the businesses we serve implement multi-factor authentication, and set it up to be as easy and efficient as possible. We see it as a great security measure that’s in line with our philosophy of being a proactive IT provider and cyber security specialist. The bottom line: With Integris’s help, you can say goodbye to passwords and embrace the future of MFA.
