Today is World Password Day 2016, and it’s a great time to take a look at how you use, manage and protect your work and online identity. Many of the data breaches you read about in the headlines, like the recent Reuters breach, are the result of exposed or compromised passwords. While better identity and authentication systems exist using biometrics, OAuth, OpenID and others, most systems still rely on the good old password for access.
If you have to use passwords, you need to make them harder to guess and compromise. Numerous studies over the past few years by Verizon and others show that about 90 percent of successful data breaches started with a weak or default password. With a little ingenuity, people can guess weak passwords, especially when you use a default password like “admin” or something simple like “123456”. The challenge we all have is to make a password harder to compromise, but still easy for you to remember.
Strong passwords are the beginning of an identity and authentication process. While trying to create really strong passwords is important, the best approach is to enable multi-factor authentication as part of your identity management processes. Once you are using it, you can think about using encryption as the next level of data protection to help you protect your most sensitive information.
Here are a few questions and answers to help you understand multi-factor authentication and how it fits into your security.
How does multi-factor authentication work?
If you’ve ever used a fingerprint reader on your phone, you’ve used multi-factor authentication. For example, when you download an app from an app store, it first checks you’re on a trusted device (Factor 1) and then verifies you with your fingerprint (Factor 2). If you’re on your computer, after you enter your username and password you’ll be asked for a verification code that is texted to your phone, or you might have a physical device that you plug into your computer. Enter that single-use code or plug in your device, and you’re in.
Why should I use multi-factor authentication?
Last year, 450 million passwords were leaked from major Internet companies. Adding an extra layer to your passwords significantly decreases the risk of someone accessing your account. Think of it like a second lock on your door, or a moat surrounding a castle. Inside businesses, two-factor authentication (2FA) is becoming more common when accessing sensitive information.
What sites and services offer multi-factor authentication?
You can activate multi-factor authentication in the settings for most major websites. Google, Facebook, Salesforce, Gmail, most banking sites and many other websites offer this capability. If you don’t have this capability at work, ask your IT or security department.
Take the Quiz
If you want to test your Security IQ, take this quiz.