Do we still need passwords?

Moving beyond the password with 2FA

For more tips and how-to's, visit our tech blog

In 2013, Intel began World Password Day to promote users to keep strong passwords to protect our ever-sprawling online identities. Since then, the mindset of many tech communities has shifted. 2013 saw some of the largest data breaches in recent memory including Target Corporation and Adobe Systems. The result of these breaches and many more was even more user details leaked to online hacker communities. The immediate response is to ensure your logins are as secure as possible, and it makes sense to update your passwords – at least it would make sense if they’re your only layer of defence.

In just a few short years so much has changed, and we now have a number of security layers protecting you and your data from malicious hackers.

By introducing multifactor authentication (MFA) to devices and applications, companies and individuals can help ensure safe remote work and play. Two Factor authentication provides an additional level of security, and 2FA is basically an “MFA.” Although the number of authentication factors for mobile devices has increased significantly, it also has a vulnerability, as it requires the use of a mobile device that may be stolen or have technical malfunctions.

Fortunately, many organizations, websites, and online services have outgrown single-factor authentication (SFA), adding an extra layer of security by combining knowledge and possessing authentication factors. Presenting individual factors provides a low level of security, as a hacker only needs a password to gain access to an account.

Imagine this: Even if a website falls victim to a password breach, accounts with two-factor authentication remain protected due to the second verification step. This protects against the possibility that an authorized user may obtain account information and that a hacker may need access to this second verification step to access the account.

There are many examples of Multifactor Authentication you might be familiar with, even without realising – Many online bank or payroll logins send a code to your phone, your email may be using a software called Duo to verify your identity in a mobile app, many modern laptops even have a fingerprint sensor that only you can unlock.

Of course, despite how fast technology moves we’re often slow the adapt. While opportunities for MFA ramp up we need to proactively keep ourselves secure, and make sure any potential data loss is minimised.

Dr. Torsten George, cybersecurity specialist at Centrify says “When we talk to CEOs, they are all worried about malware, but when we talk to CIOs and CISO, they are aware that identity is the issue, the password has been around since medieval times, so I think 20 years from now there will still be user names and passwords. It’s stunning since there are very simple steps we can take.”

On a more positive note, for those looking to eliminate the password, risk-based authentication technology offers some hope, as does a recent move by Microsoft to no longer recommend users change their passwords every 60 days. Microsoft has been moving to multifactor authentication, saying that “ancient” password practices must change.

So enjoy this World Password Day. Some day it may be a thing of the past.

If you’re concerned about login security, contact Health IT