Password-based authentication is the most trusted and adopted method today. Organizations still adopt the policy of using passwords to gain access to critical systems and assets.
Passwords remain the preferred favourite for one of the authentication levels when businesses enable two-factor and multi-factor authentication. They are a way of life in an IT environment. Yet, despite the repeated news of weak passwords being the cause of attacks, the practice of using risky passwords continues.
Reports say that an average of 19% of enterprise professionals use poor-quality passwords or shared passwords that make their accounts easily vulnerable. 2016 Verizon Data Breach Investigation Report (DBIR) suggests that mediocre quality, weak and shared passwords attributed to 63% of the confirmed data breaches. But is it only the password quality that should get all the blame?
There are many reasons for using poor password quality; for instance, the advent of Bring Your Own Device (BYOD) has added fuel to the fire. BYOD lets users access organizational resources on their own devices. Typically, when users access critical data on their personal devices, two challenges arise:
- Firstly, users cannot keep complex passwords because typing them on a mobile device each time makes the authentication tedious.
- Secondly, according to Just-in-Time practices, users can not stay logged in unless they are required to access the system to complete a specific task.
So, the quality of passwords naturally tends to be poor owing to the convenience of typing out these passwords.
On the other hand, today, dual-factor authentication mechanisms have become a usual affair. Generally, a few questions about this mechanism arise. These questions include, what is the compatibility of the dual-factor mechanism to be set up across all media? Can a dual-factor token used on a laptop seamlessly be used for a tablet device or mobile device? If not, then is authentication compromised? What needs to be done in such a scenario?
Solution for Better Authentication of Passwords
The ideal solution is to ensure a Multi-Factor Authentication (MFA) mechanism is in place if not already implemented. BYOD is an inevitable exercise in today’s times. So, enabling MFA should be such that it should provide flexibility and compatibility across devices.
Start with following some password best practices, which is a crucial step toward robust password management. Set up passwords that are at least 8-charactered alphanumeric words – a combination of lowercase, and uppercase letters, numbers, and special characters. Also, ensuring that common Dictionary words and common passwords, such as [email protected], are not used is essential. This ensures there are, at the very least, about 100+ million combinations.
A hacker’s toolkit would not be able to crack the combinations quickly. Neither is the hacker going to take the pain of identifying the right combination. In conjunction with this, a dual-factor mechanism should be used. As far as a dual factor is concerned, flexibility across devices for compatible authentication mechanisms should be enabled.
For instance, a dual factor token for a laptop, biometric authentication such as fingerprint scanning for mobile or, voice recognition for tablet devices etc., should be facilitated for access to the same system. This can ensure fool proof authentication and, at the same time, flexible authentication methods across devices. Hence, the better scenario would be to have common and apt authentication mechanisms across all media, i.e., laptop, mobile and tablet.
Fool Proof Solution for Robust Authentication
Will the above mentioned techniques be effective considering the zillions of user passwords and user authentication that need to be managed in organizations? Well, managing these might be a futile exercise and also unproductive. The most effective solution to ensure robust security while keeping productivity intact would be to install password management, single sign-on, and multi-factor authentication tools. Better still would be to deploy a Privileged Access Management (PAM) solution with all these capabilities. A PAM solution is well-rounded in automatically managing passwords and ensuring strong authentication and access mechanisms.
How Sectona can Help?
Sectona has built its Privileged Access Management Solution with robust privileged password management and authentication techniques to ensure strong security of user access to critical devices both on the cloud and on-premise.
Related Reading: Password Vaulting