Passwords are insecure - so what do we do now?

We love to hate our passwords. There are far too many to keep track of and we're constantly being fed new recommendations on how best to manage them to keep us "safe". But the truth is that usernames and passwords are not a secure login method. We're in a constant battle between more secure (more complex) and user-friendly (simpler) passwords from which no one emerges victorious. We simply can't remember unique, complex passwords for all the digital services we use today. So what can we do instead?

 

Even a secure password is not secure

Many studies show that we choose passwords based on things we identify with. It could be the name of a pet, the children's date of birth, grandmother's maiden name and so on. In addition, passwords are often reused across a variety of logins, making them even more vulnerable and easier to crack. As a result, a breach in which someone gains access to your details in one place can lead to many more of your accounts being hacked.

A password should also be changed regularly - something that most people don't appreciate. That's why most people make it easy for themselves by simply adding a number or similar to the password. This is hardly conducive to security. Alternatively, people choose a password that is far too simple - or they choose not to change their password at all.

However, if you choose too strong a password, other challenges arise. A complicated password is harder to remember, so many people choose to write it down - on a piece of paper, for example - and put it away. The password is then no stronger than the "hiding place" you put the note in. Under the keyboard or in the top desk drawer...?

 

Security is required - regardless of business

In general, awareness of the security measures that should be put in place is relatively high. Unfortunately, few live up to this. The thinking is often: "It's worked before, so it should probably work for a while longer". Naïve, it may seem - yet it is a very common approach.

Of course, this is largely a question of how much security your company feels it needs. If you work in a company with major trade secrets that many people might want to get hold of, the threat landscape is obviously different than for a nursery school, for example. Whatever the case, with the introduction of the GDPR, it is important to protect your information so that the personal data you handle does not fall into the wrong hands.

It is more important to strengthen security for the long term than to risk a leak of personal data. Indeed, having to report possible breaches takes infinitely more time than ensuring that security is maintained at an appropriate level from the outset.

 

Passwords are many times more secure with multifactor authentication

Today, there are good alternatives and complements to logging in with a password, so-called multifactor authentication. Although you have a password as a basis, it does not need to be very complex. Once you have entered the password, a verification code is sent to the mobile device linked to the account - usually your smartphone or tablet. So instead of automatically accessing the account with a password, an element is added to ensure the user's identity. After all, the mobile is directly linked to you as an individual and this element makes authentication many times more secure. It takes much more work for someone to access both your password and your mobile device.

AI is becoming increasingly common, and its rapid pace of development makes it possible to take advantage of it in multifactor authentication. In practice, this means that multifactor authentication is not required in cases where the AI senses that you are in a safe place - your workplace at the times and on the days you are always there, for example. However, if you choose to log in from a holiday destination you have never visited before, the AI will perceive this as suspicious and therefore require the user to undergo multifactor authentication.
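The decision described above can be sketched as a simple rule-based stand-in for the AI-driven check. This is an added example, not WeSafe's or any vendor's code; the thresholds, the network labels and the sample sign-in history are constructed assumptions.

```python
from datetime import datetime

MIN_HISTORY = 5      # assumed threshold: below this there is no usable baseline
HOUR_TOLERANCE = 2   # assumed: hours either side of a previously seen sign-in hour

# Constructed sample history: (ISO timestamp, country, network label) of past
# sign-ins that completed multifactor authentication successfully.
HISTORY = [
    ("2024-03-04T08:55", "SE", "office"),
    ("2024-03-05T09:10", "SE", "office"),
    ("2024-03-06T08:40", "SE", "office"),
    ("2024-03-07T09:05", "SE", "office"),
    ("2024-03-08T13:30", "SE", "office"),
    ("2024-03-11T09:00", "SE", "office"),
]

def build_baseline(history):
    """Summarise where and when the user normally signs in."""
    places = {(country, net) for _, country, net in history}
    slots = {}  # weekday (0 = Monday) -> set of hours seen on that weekday
    for ts, _, _ in history:
        t = datetime.fromisoformat(ts)
        slots.setdefault(t.weekday(), set()).add(t.hour)
    return {"count": len(history), "places": places, "slots": slots}

def requires_mfa(baseline, ts, country, network):
    """Return (step_up, reason). Anything unknown fails closed to MFA."""
    if baseline["count"] < MIN_HISTORY:
        return True, "insufficient history"    # new account: no baseline yet
    if not country or not network:
        return True, "missing context"         # never skip MFA on absent signals
    if (country, network) not in baseline["places"]:
        return True, "unfamiliar location"     # e.g. the holiday destination
    t = datetime.fromisoformat(ts)
    seen_hours = baseline["slots"].get(t.weekday(), set())
    if not any(abs(t.hour - h) <= HOUR_TOLERANCE for h in seen_hours):
        return True, "unusual time"            # right place, wrong day or hour
    return False, "familiar place and time"
```

The skip path is only as trustworthy as the location signal behind it, so the network label should come from something the client cannot simply claim, such as a managed device or a corporate egress address.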

 

Build your security under controlled conditions

The long-term work of strengthening security in your company is of course associated with costs and it is difficult to calculate exactly what you can save by increasing your security. But it is clear that it will be cheaper to get a grip on the security situation before something happens. Otherwise, you're faced with a situation where you're both putting out fires caused by a breach and having to plan for a more comprehensive security project at the same time. Instead, if you can build your security with good planning and under controlled conditions, it will be a much cheaper job.

Want to know more about how we at WeSafe can help you strengthen security, both through long-term efforts and less complex efforts that make a big difference - such as using multifactor authentication for your accounts? Get in touch and we'll tell you more!
