Security Lessons Learned from 2014 – Authentication & Passwords

Image via kirguru.net

It’s a new year and as we look back at 2014, many businesses are discovering that last year was only the tip of cyber security hacks and security breaches. Last year will forever be known as “the year of the breach” with major security and data breaches happening to several major companies throughout the year. Businesses have begun to see the consequences of security lacks for various reasons.
The poster child for the year has to go to Sony, who’s nearly two month security breaches went international and highlighted many of the issues that businesses have long forgotten. While many may point to the initial release, then cancellation, then re-release of the controversial movie The Interview, Sony’s problems actually began from very small roots.

Authentication & Passwords

Passwords, for the moment, are a part of our lives, but as we’ve discovered they are also some of the weakest points of security that both businesses and consumers have. Sony’s troubles, for instance, began because of a file that was labeled passwords and contained all of the company’s secured passwords; for many people, the use of the same password across multiple devices may be easy to login, but also carries the danger of being breached when someone else is able to guess the password.

Businesses, especially those who use third party contractors, have to not only look at their own internal company passwords, but that of the vendors they work with. In the case of the Target security breach, hackers were able to use a third party vendors’ log in to access their systems.

We can’t give up passwords, but there are other ways. Authentication, for instance, is becoming a bigger consideration, especially as the technology continues to grow and the push back from these breaches becomes all to real. What is authentication? In short, it’s the process of determining that someone is who they say they are; in many cases, this is another layer to the use of passwords, as the person must confirm that they are the person they say they are.

People may be familiar with authentication – CAPTCHA for instance, the extra measure that prevents bots by making the user type in a code or set of numbers, is a type of authentication method. Another is two-step verification, where the user is asked to enter a code that has been sent either via email or to their mobile phone; two step verification is a type of multifactor authentication, where the user has to provide more than just a password in order to log in. The idea of MFA, especially since 2014, is becoming a bigger issue, as security experts and businesses find better ways of logging into systems and keeping data secured past the traditional password.

At the recent Consumer Electronic Show (CES), vendors showed off different means of users being authenticated, everything from wearable tech to biometrics. The hope is to finally one day be without the cumbersome and easily guessed password system and instead be able to be authenticated through other means, such as a fingerprint, facial recognition, and Fast ID Online (FIDO).


LogonBox Password Self Service

Like that? Check these out: