Ever since the commercialization of the World Wide Web in the late ’90s, passwords have been a front-line security method for doing business online. Yet, despite huge advances in technology, password practices for the majority of people have not evolved that much. It is another example of human beings being the weakest link where data security is concerned.
Poor habits
Today everyone from office workers to IT administrators routinely uses passwords as a way to authenticate their identity when accessing privileged online or network content. The only difference is that now they are using them with mobile devices, social media and cloud-based applications to conduct business without walls. This puts businesses at increased risk of a data breach.
According to research by AVG partner Centrify one-in-three users neglects to secure their devices while poor password habits put their employer’s data at risk. On this evidence it’s fair to say conventional password use is no longer fit for purpose in the 21st century and businesses must adopt additional measures to ensure their passwords are up to the task. In my view, many of the user identity breaches reported in the news could have been prevented if better password practices and stronger, multi-factor authentication methods were in use.
Extra layers of protection
Extra layers of authentication are essential to check the authenticity of password users. The sooner businesses large and small start to enforce these across the board – especially where use of bring your own device (BYOD) mobile technology is standard – the sooner they can drastically reduce the risk of data breaches.
Here are five top tips for better password management.
1. Turn on “two-step authentication”. Most mobile services now offer a simple code based system that sends you a numeric password by SMS/Text to secure your login credentials
2. Some mobile phones now provide both identity and access management capabilities. Encourage employees to adopt these and incorporate them as part of your BYOD policy.
3. Make sure company security measures include formal staff training on password best practice. Passwords need to be strong, long and as secure as possible – avoid basic, easy-to-crack passwords. Instead complicate them by using “passphrases” rather than individual words – e.g. rather than “spotthedog” use “5p0tth360g”
4. Why not create a single profile for all corporate log-ins, with segmented privileges for individual employees within the same profile. This way, when someone leaves the company, they can be removed automatically.
5. To aid productivity, make it easier for employees to work anywhere, anytime with mobile technology by moving to a single sign-on environment where every employee has one-click to access to a secure area in the cloud containing all of their work accounts and applications.
