Work accounts, social media, entertainment apps; there are so many digital services that we rely on today and they all have one thing in common – they all require a password.
So, do you create a password for each one in the hope you can pull the information from the depths of your memory when you need it? Or do you do the easy thing and just reuse an existing password?
According to a research report carried out by Dashlane and Virginia Tech, in which the passwords of 28.8 million users were analysed, 52% were found to use the same or similar passwords for a number of online services.
More worryingly, it also found that even if one account was compromised, users would reuse the already leaked passwords for years on other services. Just under a third (30%) of these modified and reused passwords could be cracked within 10 guesses.
Given this trend, alongside the rise in phishing and spear phishing attacks, users and businesses need to implement more robust and comprehensive password controls, such as two-factor authentication, to prevent unauthorised access.
What is two-factor authentication?
A password-only approach is just not good enough. It’s far too easy for cyber criminals – experienced or otherwise – to obtain the information needed to access someone’s account or a business’ network.
Two-factor authentication addresses this problem by providing an additional layer of security to a user or business. It requires that the user provides two bits of information (a password and PIN code, for example) to access an account. The second bit of information could be any of the following:
Something they know, such as a personal identification number (PIN), a password, answers to secret questions or specific keystroke patterns
Something they have in their possession, such as a credit card, smartphone or piece of hardware
Something they are, such as the biometric pattern of a fingerprint, an iris scan or voice-activated login (a bit more complex)
How two-factor authentication can prevent cyber attacks
With two-factor authentication enabled, the compromise of just one of the above bits of information won’t unlock an account. Even if a cyber criminal obtains a user’s password, they would still need the second bit of information to gain access.
Having this two-step process makes it much more difficult for a cyber criminal to break into a user’s account or a business’ network. People (and businesses) can also be confident that their information is safe and secure.
It’s no silver bullet but adds a much-needed layer of security.
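The two-step check described above, as an added sketch that is not from the original article. It assumes the second factor is a time-based one-time code (RFC 6238) generated on the user's smartphone; the `enrolment` type, the `login` method and the `passwordOK` flag (the result of the service's existing password check) are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// totp returns the 6-digit RFC 6238 code (HMAC-SHA1) for a 30-second step.
func totp(secret []byte, step uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], step)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// enrolment is the server's record of one user's second factor (hypothetical type).
type enrolment struct {
	secret   []byte // shared with the user's phone app at enrolment
	lastStep uint64 // last time step accepted, so a code cannot be replayed
}

// login grants access only when the password check passed AND the code matches
// an unused time step within one step of the server clock.
func (e *enrolment) login(passwordOK bool, code string, unix int64) bool {
	now, granted := uint64(unix/30), false
	for step := now - 1; step <= now+1; step++ {
		match := subtle.ConstantTimeCompare([]byte(code), []byte(totp(e.secret, step))) == 1
		if match && passwordOK && step > e.lastStep {
			e.lastStep, granted = step, true
		}
	}
	return granted
}

func main() {
	e := &enrolment{secret: []byte("12345678901234567890")} // RFC 6238 test secret
	fmt.Println("stolen password, guessed code:", e.login(true, "000000", 59))
	fmt.Println("password and phone code:", e.login(true, totp(e.secret, 1), 59))
	fmt.Println("same code replayed:", e.login(true, totp(e.secret, 1), 59))
}
```

The one-step window tolerates small clock differences between phone and server, and recording the last accepted step stops a code that was observed once from being used again.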
What are the business benefits of two-factor authentication?
Two-factor authentication also enables businesses to be more productive and mobile.
Using two-factor authentication, a business’ employees can securely access business services from any device or location without putting the network and/or sensitive information at risk. This will also help to promote BYOD and remote working in businesses.
Also, two-factor authentication allows businesses to use single sign-on for multiple applications – a more advanced login process. In essence, single sign-on allows users to log in with one set of validated credentials to access multiple work applications and tools, rather than having to log in multiple times. This centralises authentication and makes it easy for employees to access what they need, when they need it.
Protecting endpoints is the main challenge
As cyber criminals continue to target endpoints (mobile phones, laptops and other remote devices on a network), keeping those endpoints secure is vital.
By installing and configuring two-factor authentication on employee devices connecting to the business network, businesses can protect both services and employees. It’s by no means the only solution, so businesses should look to add other cyber security solutions to maximise protection and minimise vulnerabilities.
One step further than two-factor authentication is public key infrastructure (PKI) authentication. This method is much more sophisticated and useful in protecting communications between a target server (i.e. a business’ website or network) and users.
PKI authentication works by using two different cryptographic keys, a public key and a private key. The public key is available to any user that connects to the network. The private key is a unique key generated when a connection is made and kept secret. The user uses the public key to encrypt and decrypt information, while the server uses the private key. This keeps information safe and secure online.
PKI uses digital certificates. These certificates are issued to specific people and used to identify parties and authenticate connections to a target server. If a user or device without a certificate connects, they will not be authenticated.
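A minimal sketch of certificate-based authentication, added here as an example and not taken from the article or from any product it mentions. A server trusts one issuing authority, accepts a device whose certificate chains to it and which proves possession of the matching private key, and rejects a device without such a certificate. The `issue` and `authenticate` functions, the names "Example Corp CA" and "laptop-01", and the choice of Ed25519 keys are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a key pair and certificate (self-signed if parent is nil); demo only, errors ignored.
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), KeyUsage: usage,
		Subject: pkix.Name{CommonName: cn}, IsCA: usage == x509.KeyUsageCertSign, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// authenticate: the certificate must chain to a trusted CA and the nonce signature must verify under its key.
func authenticate(cert *x509.Certificate, roots *x509.CertPool, nonce, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("untrusted certificate: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("no proof of private-key possession")
	}
	return nil
}

func main() {
	ca, caKey := issue("Example Corp CA", x509.KeyUsageCertSign, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	dev, devKey := issue("laptop-01", x509.KeyUsageDigitalSignature, ca, caKey)
	rogue, rogueKey := issue("laptop-01", x509.KeyUsageDigitalSignature, nil, nil)
	nonce := make([]byte, 32) // fresh random challenge from the server
	rand.Read(nonce)
	fmt.Println("enrolled device:", authenticate(dev, roots, nonce, ed25519.Sign(devKey, nonce)))
	fmt.Println("no CA-issued cert:", authenticate(rogue, roots, nonce, ed25519.Sign(rogueKey, nonce)))
	fmt.Println("copied cert, wrong key:", authenticate(dev, roots, nonce, ed25519.Sign(rogueKey, nonce)))
}
```

The third case is the one to note: a certificate is public data, so holding a copy of it is not enough without the private key that stays on the enrolled device.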
The Privatise Business VPN offers PKI security as standard. As soon as it’s installed on a device, a security certificate unique to that device is installed. The certificate contains all the user’s security credentials, so they never need to remember a username or password – it’s all done automatically.
Once set up and the user has logged in, there’s nothing extra to validate or approve – meaning communications online are always protected.
Using Privatise, businesses can protect online communications and employee information from the prying eyes of cyber criminals looking to obtain and use employee passwords to access a business’ network.
The time to take security seriously is now. Without the right solutions in place, protecting your business from cyber criminals is an uphill challenge.
In our market research report, Assessing the struggle of UK SMBs against cyber criminals, we take a look at the current cyber security landscape, as well as the growing cyber threat.