Passwords are not enough, anymore

By August 9, 2013 Blog No Comments

If you have not heard about two factor authentication it’s probably time you did. Back in the pre-broadband 90s, when many small business networks were hidden from hackers by dial-up modem connections, which were inaccessible from the outside, password security was, at best, limited.

The word ‘password’, or a leaving a blank box, were used to access millions of PCs, but as soon as networks were made available to remote users more stringent password rules were required. There is always a cost to this greater security, most significantly in time and inconvenience. Users are now forced to select complex passwords and to change them regularly. The flood of calls to Why Settle support on a Monday morning during the summer, when people return from holiday having wiped their password from memory, is as predictable as the pollen.

Complex passwords are only able to secure your information to an extent, however. Networks can be (and are) hacked by what’s known as Brute Force attacks, when an automated attack tries user name and password combinations hundreds of times per minute.

The IT industry has also been slow to understand the patently obvious on many occasions. Your mother’s maiden name, first school or memorable date should be regarded as publicly available information, not used as security measures when a password reset is needed. For most of us, our mothers’ maiden names are a matter of public record and many record personal data on social networking sites.

Banks were first to waken up to the problem. Most consumer online banking still allows you to work with passwords and pin numbers but if you have an online business account you are already likely to be using two-factor authentication, obliging you to enter a unique code, generated by a separate device, as well as entering your user name and password.

This unique code requirement, as well as a password, is known two-factor authentication. It means that if a criminal gang attains your login and password details they would also need to have the unique code generator to access your data.

The sheer volume of our lives, and businesses, which exists somewhere on a server accessible from the internet opens up a vulnerability which has caught many unprepared. Just as the move away from ‘password’ became necessary, so too will two-factor authentication to protect your data.