Moving beyond the password with 2FA
For more tips and how-to's, visit our tech blog
In 2013, Intel began World Password Day to promote users to keep strong passwords to protect our ever-sprawling online identities. Since then, the mindset of many tech communities has shifted. 2013 saw some of the largest data breaches in recent memory including Target Corporation and Adobe Systems. The result of these breaches and many more was even more user details leaked to online hacker communities. The immediate response is to ensure your logins are as secure as possible, and it makes sense to update your passwords – at least it would make sense if they’re your only layer of defence.
In just a few short years so much changes. We now have a number of security layers protecting you and your data from malicious hackers.
By introducing multifactor authentication (MFA) to devices and applications, companies and individuals help ensure safe remote work and play. Two Factor authentication provides an additional level of security. Although the number of authentication factors for mobile devices has increased significantly, the risk of your mobile being lost or stolen becomes its own vulnerability.
Fortunately many organizations, websites, and online services have outgrown single-factor authentication like a simple password. Adding an extra layer of security by combining authentication factors, you can corner a hacker who might think he only needs a password to access your account.
Multi Factor Authentication (or MFA, or 2FA) is a simple idea that provides a tremendous improvement in security. By requiring something you know (username and password) AND something you have (mobile phone), security is increased by an order of magnitude. Click here to read more
Imagine this: Even if a website falls victim to a password breach, accounts with two-factor authentication remain protected due to the second verification step. This protects against the possibility that an authorized user may obtain account information unless they can perform the second step.
There are many examples of Multifactor Authentication you might be familiar with, even without realising. Many online bank or payroll logins send a code to your phone or email. Your remote access may be using a software called Duo to verify your identity in a mobile app. Many modern laptops even have a fingerprint sensor that only you can unlock.
Of course, despite how fast technology moves we’re often slow the adapt. While opportunities for MFA ramp up we need to proactively keep ourselves secure, and make sure any potential data loss is minimised.
Dr. Torsten George, cybersecurity specialist at Centrify says “When we talk to CEOs, they are all worried about malware, but when we talk to CIOs and CISO, they are aware that identity is the issue, the password has been around since medieval times, so I think 20 years from now there will still be user names and passwords. It’s stunning since there are very simple steps we can take.”
On a more positive note, for those looking to eliminate the password, risk-based authentication technology offers some hope, as does a recent move by Microsoft to no longer recommend users change their passwords every 60 days. Microsoft has been moving to multifactor authentication, saying that “ancient” password practices must change.
So enjoy this World Password Day. Some day it may be a thing of the past.
—
If you’re concerned about login security, contact Health IT