Most organizations still rely on passwords to gain access to critical systems and assets. Even where dual factor authentication is enabled, passwords remain the preferred first level of authentication; they are a way of life in an IT organization. Yet, despite repeated news of weak passwords being the cause of attacks, the practice continues. Reports say that on average 19% of enterprise professionals use poor-quality or shared passwords that leave their accounts easily vulnerable. The 2016 Verizon Data Breach Investigations Report suggests that poor-quality, weak and shared passwords contributed to 63% of confirmed data breaches. But is the quality of passwords alone to blame here?
Come to think of it, the advent of BYOD has added fuel to the fire. You cannot keep complex passwords because they are difficult to type on a mobile device, for instance. Secondly, best practice says that you should not stay logged in unless you actually need to access the system, so the password has to be typed again and again. As a result, password quality naturally tends to be poor for the sake of convenient typing. Today, a dual factor authentication mechanism has become a usual affair. So the question arises: can a dual factor mechanism be set up compatibly across all media? Can a dual factor token used on a laptop be used seamlessly on a tablet or mobile device? If not, is authentication compromised? What needs to be done in such a scenario?
Solution for better authentication
The ideal solution is firstly to ensure a multi factor authentication mechanism is in place, if not already implemented. BYOD is inevitable in today's times, so the multi factor authentication solution should provide flexibility and compatibility across devices. To begin with, passwords should be at least 8 characters long and alphanumeric: a combination of lowercase letters, uppercase letters, numbers and special characters. Special care should also be taken that common dictionary words and common passwords such as QwertY@12345 are not used (that example meets the composition rule yet is still a common password). This in itself ensures at the very least about 100+ million combinations. A hacker's toolkit is not going to crack those combinations quickly, nor is the hacker going to take the pain of identifying the right combination. In conjunction with this, a dual factor mechanism should be used, and flexibility across devices should be enabled for compatible authentication mechanisms: for instance, a dual factor token for a laptop, biometric authentication such as fingerprint scanning for mobile, or voice recognition for tablet devices should all be facilitated for access to the same system. This ensures foolproof authentication together with flexible authentication methods across devices. Having said this, the better scenario would be to have common and apt authentication mechanisms across all media, i.e. laptop, mobile and tablet.
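The following checker is an added example (not code from Sectona or this article) that enforces the policy described above: at least 8 characters drawn from all four character classes, plus a blocklist check that catches passwords like QwertY@12345 which pass the composition rule but are built on a common base word. The common-password and dictionary lists are small constructed samples; a real deployment would load a full breached-password corpus and dictionary instead.

```python
import re
from typing import List

# Constructed sample lists for this example only.
COMMON_PASSWORDS = {"password", "qwerty", "123456", "letmein", "welcome", "admin"}
DICTIONARY_WORDS = {"summer", "dragon", "monkey", "football", "sunshine"}

# Substitutions an attacker's rule set undoes first; the checker undoes them
# too, so "P@ssw0rd" is recognised as "password".
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})


def _base_word(password: str) -> str:
    """Reduce a password to its underlying word: drop leading/trailing digits
    and symbols (e.g. the '@12345' suffix), undo leetspeak, lowercase."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return core.translate(LEET_MAP).lower()


def check_password(password: str) -> List[str]:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    required = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "digit": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in required.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    # Composition alone is not enough: reject common and dictionary-based passwords.
    base = _base_word(password)
    if base in COMMON_PASSWORDS:
        problems.append(f"based on common password '{base}'")
    elif base in DICTIONARY_WORDS:
        problems.append(f"based on dictionary word '{base}'")
    return problems


if __name__ == "__main__":
    for candidate in ["QwertY@12345", "P@ssw0rd", "Summer2019!", "Tq7!vM2#kLp9"]:
        print(candidate, "->", check_password(candidate) or "OK")
```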
Fool-proof solution for robust authentication
Will the above mentioned techniques be effective considering the sheer number of user passwords and user authentications that need to be managed in organizations? Managing these manually would be a futile and unproductive exercise. The most effective way to ensure robust security while keeping productivity intact is to deploy password management, single sign-on and multi-factor authentication tools. Better still is to deploy a Privileged Access Management (PAM) solution that has all these capabilities: a PAM solution is well-rounded in its ability to automatically manage passwords and ensure strong authentication and access mechanisms.
How Sectona can help
Sectona has built its own Privileged Access Management solution, Spectra PAM, with robust privileged password management and authentication techniques to ensure strong security of user access to critical devices, both in the cloud and on-premises.