Powered by MOMENTUM MEDIA

Op-Ed: Not your dad’s password – Maintaining critical information, system security in the new world

Passwords may be one of the oldest forms of guaranteeing information and system integrity and security, yet they are often overlooked in favour of more advanced methods like facial recognition or fingerprint scanning. Despite this, the humble password is still a powerful tool for maintaining information and system security, but it needs to be used effectively, explains Mark Sinclair, ANZ director of WatchGuard Technologies.

Start a conversation about IT security and it won’t be long before the subject of passwords is raised.

A cornerstone of security infrastructures for years, passwords when used as the sole authentication method have become a real security challenge for businesses. This is mainly due to the inherently insecure nature of passwords. Lax practices such as writing them down and never changing them can make them a relatively easy gateway into centralised IT resources.

As a result, some envision a password-less future where other security measures will take their place. If passwords are replaced by biometrics alone or by a hardware token alone, however, the result still offers only a single factor of authentication. While probably better than a password, these still fall well short of strong authentication.

To secure business assets, strong authentication should feature multiple factors of authentication:

  1. Something you know (a password or a PIN);
  2. Something you have (a security token or smartphone);
  3. Something you are (a biometric); and
  4. Somewhere you are (geolocation).

A layered approach

Passwords are destined to remain key when creating secure infrastructures, but will represent just one component of a more sophisticated authentication process.

For this reason, ensuring passwords remain secure is important. Some of the steps that can be taken to ensure this include:

  • Use long passwords of more than 16 characters to improve their security against brute-force attacks;
  • Consider using non-English words to help guard against so-called ‘dictionary attacks’; and
  • Adopt a password manager to avoid having to remember large numbers of individual passwords for different applications.

The importance of multi-factor authentication

An effective layered approach to security uses multi-factor authentication (MFA). Passwords are one element of MFA, which also requires other factors such as a generated PIN or fingerprints and facial scans.

It’s important to note, however, that not all MFA platforms are created equal, and some are more secure than others. For example, the most common approach, where a user receives a text message containing a generated code that must be entered to gain access to a system, has a weakness because it is possible for a hacker to intercept the message and gain access.

A much better approach is to adopt a push notification-based solution. This approach makes use of an encrypted channel to send authentication request verifications to a user’s smartphone. Because of the way in which this notification is sent, it is significantly more secure than a text message-based equivalent. It is also just as convenient.

To make things even more secure, organisations can require users to use a third type of authentication when requesting access. For example, users may need to enter a password, approve a secure push notification, and offer a biometric factor such as a fingerprint. All three must be provided before any access is granted.

While there may initially be pushback from users when required to take these extra steps, the additional security they provide is well worth the effort. Take the time to explain to your IT users why the new requirements are being put in place and the benefits that they deliver.

Maintaining passwords as part of an MFA-based authentication system makes sense and is likely to remain the best approach for organisations for some time to come. If you are still relying on passwords alone, now is the time for change.

Mark Sinclair is the ANZ regional director of WatchGuard Technologies.

For over 20 years, WatchGuard has pioneered cutting-edge cyber security technology and delivered it as easy-to-deploy and easy-to-manage solutions. With industry-leading network and endpoint security, secure Wi-Fi, multi-factor authentication, and network intelligence products and services, WatchGuard enables more than 80,000 small and midsize enterprises from around the globe to protect their most important assets, including over 10 million endpoints.

In a world where the cyber security landscape is constantly evolving, and new threats emerge each day, WatchGuard makes enterprise-grade cyber security technology accessible for every company. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia-Pacific, and Latin America.
