Passwords aren’t history, nor are they the only tools we should turn to create a safer environment for users of our products – and therefore for the protection of corporate information.
For businesses, it is important to consider that using passwords as only authentication factor can create a false sense of security and risky situations. The reasons are varied:
- Users who create too simple passwords (dates, names or obvious combinations);
- Users who store their passwords inappropriately;
- Shoulder Surfing (a technique that consists on spying a user type a code in an electronic device without their notice); Etc.
System authentication process has great relevance to protect your information and this topic should be the focus of careful evaluation when your company is acquiring or migrating to a new technology. Recent episodes of large data leaks (such as Equifax) show the damage that authentication failures can cause to businesses.
Download now: Cibersecurity Pocket Guide I
Three Authentication Factors
Passwords should be considered as the first factor of authentication: what you know. They are the weak link. What the user knows is often targeted by social engineering schemes or brute-force attacks and could fall into the hands of the wrong people.
Therefore, the importance of the second factor of authentication: who you are. Several organizations are turning to new technology applications to determine user identity by adopting biometrics or iris reading on their devices. This alternative is increasingly popular, especially with the possibility to explore mobile devices (such as smartphones) to that end.
In terms of digital security, every company needs to have a third factor of authentication: what you have. That security goal is met by digital certificates, which are electronic documents that serve to attest to the identity of an organization or user in the digital world. Certificates are issued by Certificate Authority, that has credibility to attest to the validity of the document and, consequently, the identity of the access request.
The Advantages of Authentication Techniques
Combining two or more authentication factors is a good security practice for businesses. Although cybercrime techniques are capable of creating schemes to bypass security, the purpose of combining these factors is to make undue access to information more difficult, creating new layers and different features for authentication and validation.
Another argument in favor of more authentication factors is that, after large-scale leaks that have occurred recently, users, whether corporate or end-users, have perceived value to protecting their accounts and data.
It is important noticing that the use of one or more authentication factors may also depend on the type/level of risk associated with the information or privileged user. The more relevant the target, the more need for a new factor.
Blog and media: Read more articles like this
With more than 5,000 clients, Blockbit is one of the leading manufacturers of cybersecurity solutions, empowering businesses to protect themselves against a wide range of threats, vulnerabilities, and cyberattacks, whether internal or external, generic or specific.