Posts

No matter how much people hear “data safety,” they still can get sloppy about their cybersecurity. One of the reasons is that there are so many constant reminders that the warnings just become that much more background noise. Today, let’s do a quick review of the one you hear most about ( and most likely to forget about) Passwords.

Passwords

As annoying as they are (and who doesn’t doest curse them sometimes) passwords are a basic and necessary evil to protect access to your data. One of the root innovations that helps sidestep the tedium of entering ( and remembering ) passwords are facial recognition and fingerprint security measures. These can be a real timesaver, but they aren’t readily available across every site and device. So that leaves us with the question, what are the best practices for maintaining strong passwords and defending multiple sites, programs or devices (also known as “ good password hygiene’’)?

Maintaining password best practices

Simple passwords, with nothing but regular vocabulary words (even in other languages) are easily cracked. Most sites generally require mixed case, alphanumeric and a symbol or two for it to be an approved password. Here are a few things to remember.

    • Avoid using the same password across multiple sites or devices.
    • Don’t share your passwords with co-workers, no matter how convenient or timesaving it may be
    • Don’t send passwords ( or any critical personal data, for that matter) via text or email.
    • Don’t save them on a device in an unencrypted file
    • Remember to change them periodically
    • Be sure that access to files is removed immediately when an employee leaves an organization or no longer has need to access particular programs, data or machines

Multi-factor authentication

Related to the password method of maintaining data security, multi-factor authentication is becoming increasingly popular and is often required by some organizations. Basically, this takes the password idea and adds another layer to ensure that the correct user is entering the password. Your ATM is an example of MFA. Just a password isn’t enough at the ATM–you have to have your ATM card also. Most of us know MFA through the request to enter a one time code that is sent to us, on a different platform, after we enter our usual password. Again the idea here is that even if a password is stolen, a second form of identification is required to ensure the correct person is gaining access. NOTE: A common form of MFA is to send a text message to your phone. Be aware that if you leave the country and don’t buy a text package for your phone, you may not be able to access some sites that use this form of MFA.

In short, we hear most about password safety, but because it can be such a pain to change them, we open ourselves and our business to data vulnerability. Contact Direct One for ideas to improve your data security.

You have probably already come across the term multi-factor authentication. The concept is not new, but has caught on really quick of late. In this post, we will discuss what multi-factor authentication is and why you should be adopting it.

What is multi-factor authentication?
Multi-factor authentication is basically the use of more than one credential to gain access to data. It is a combination of multiple access credential types. For example, instead of gaining access to an email account by just typing your username and password, you will be asked to further verify your identity by entering some other information, such as a pin or a one-time password (OTP) that was sent to the phone number linked with the email address you are trying to log into.

Why do you need multi-factor authentication?
Multi-factor authentication offers an additional layer of security. Simple access control measures such as logging in with user ID and password are increasingly being breached by cybercriminals because no matter how much we condition ourselves to follow good password hygiene, sometimes, we slip up. Have you ever been guilty of

  • Writing down your password so you don’t forget it
  • Sharing your password with someone just to get the work done faster
  • Used the same password for multiple accounts just because it is easier to remember
  • Creating a password that was obvious/easy to figure out. Examples include your date of birth, numbers or letters in sequence, your name, etc.,

Multi-factor authentication can help prevent cybercrimes that happen due to leaked/hacked passwords.

How does multi-factor authentication work?
The working of multi-factor authentication depends on a combination of the following 3 elements.

  • What you know
  • What you have
  • Who you are

The user has to prove their identity by answering the questions related to each of these 3 elements. User IDs, passwords, secret questions, date of birth, etc., fall in the first category (What you know), while OTPs sent to your smartphone, a physical token or an access card belong to the second category (What you have) and the third category (Who you are) includes biometric authentication such as retina scan, fingerprint or voice recognition.

Multi-factor authentication is no guarantee of data safety, but it certainly reinforces your data security. While there are tools available in the market that you can purchase and deploy, you could also connect with an MSP to help you implement multi-factor authentication across your network smoothly.