Compromised credentials can render even the best security solutions obsolete, and can lead to security breaches that often go unnoticed.
Historically, users have been authenticated with a simple username and password. But how confident can you really be in securing your business-critical information if you are still relying on this method alone?
You may have a strict password complexity policy within your organisation, but it becomes much less effective if those same passwords are being reused over and over again on other websites. A security breach at any of those sites would put your business at imminent risk.
‘Recent studies have shown that more than half (55%) of adult internet users admit they use the same password for most, if not all, websites, according to Ofcom’s Adults’ Media Use and Attitudes Report 2013.’ (Source: http://media.ofcom.org.uk/2013/04/23/uk-adults-taking-online-password-security-risks/ )
One striking example of the risks inherent in password reuse was the Adobe password database leak, which affected 150 million people. ‘If your Adobe password is compromised, that possibly won't have a huge impact on your online life. But if that same password is being used elsewhere on the net (and sadly, we know that many people use the same password for multiple websites) then the consequences could be significant.’ (Source: http://www.theguardian.com/technology/2013/nov/07/adobe-password-leak-can-check)
Since then, the eBay breach has thrust password security back into the spotlight, with many news articles highlighting how, with 2-factor or multi-factor authentication in place, a password alone is not enough for would-be hackers to gain access – offering much stronger security.
Multi-factor authentication can be achieved using a combination of the following factors:
- Something You Know – password or PIN
- Something You Have – hardware or software token
- Something You Are – biometrics, such as a fingerprint
Because multi-factor authentication requires multiple means of identification at login, it is widely recognised as the most secure software authentication method for controlling access to data and applications.
Yet many organisations still allow access to their valuable VPN, Citrix, and Outlook Web Access resources with what is often a weak password. Strong authentication enables organisations to strengthen the protection of these vital resources.
Traditional 2-factor authentication systems required large initial investments in costly specialist servers, the purchase and management of physical tokens, ongoing outlays for expensive hardware renewals, and the IT overhead of maintaining and operating these systems. Modern solutions require much less outlay and are far more resilient and scalable.
Incidents like the eBay breach are going to put password systems under an increasing amount of scrutiny. With more advanced authentication systems now available, and with a much lower barrier to entry, are we likely to see simple password systems gradually phased out?
To contact Nettitude's editor, please email email@example.com.