Blog
Why are passwords insecure?
February 29th, 2016
Too many organisations are still just relying on passwords to allow remote workers, partners and clients to access their business systems.
This generally presents an unacceptable level of risk to a business, passwords on their own are not secure.
How can passwords be breached?
- Given to or stolen by another employee
- Eliminating traceability of actions on the IT systems.
- Cracked by an external or internal entity
- Via specialist hacking/cracking software and experience.
- Recorded by spyware software
- Installed via a virus or other malicious software.
- Phished
- Directing the user to a copy of your login systems to facilitate theft.
- Given out to a 3rd party unintentionally
- Staff can often be tricked by sophisticated social engineering.
- Stolen in transit
- Unsecured networks can often facilitate password theft.
As you can clearly see the number of risks to a user’s password are significant. They are old and proven methods to in effect steal passwords and use them for malicious intent, such as to enter systems and steal information, hold firms to ransom and the like. Passwords have been insecure for some time, yet many businesses don’t close the hole unless they have a significant security breach. The fact that underground communities swap and trade access details makes this even worse. There’s money in knowing passwords, thus you can buy them online!
How can you increase your security levels?
It’s actually fairly simple to up your levels of security and protect against these risks. You can make your remote system access robust by simply implementing multi-factor authentication as a minimum level of security. It doesn’t make your system hack-proof of course, but it does dramatically increase the security level of systems.
What is two-factor authentication?
Two-factor authentication simply means you use two elements to access your systems, something you know (your password) and something else, i.e. a token device. You may have one for access to your bank, they’ve been in use for years. You can also have the same technology installed as an app on your smartphone.
The fact that you must have at least 2 elements to log in naturally increases your level of security. Every time you log in you must for example first enter your password and then you must enter a unique number which changes say every 5 seconds. Now it doesn’t matter if someone knows your password as they don’t also have the token with the ever-changing number. On the flip side, if you lose your token on the train and someone picks it up, they won’t be able to access your account as they probably don’t know where you work and most importantly they won’t know your password.
It all sounds very simple. That’s because it is. All firms who have people accessing their systems from outside the corporate firewall should be using multi-factor authentication. Actually, it also makes sense for those within the firewall to use it. It’s inexpensive, straight-forward and now a necessity. Passwords on their own are not secure and the threat landscape is changing all the time Organised crime gangs and lone-wolf hackers are on the hunt to extort and steal money from firms – many are sitting ducks.
NEXT>> 9 red flags which should make you doubt an email
The benefits of flexible working for law firms
Flexible working is slowly becoming more common in the legal sector, with numerous firms announcing plans to implement the practice in the last few months or, at the very least, exploring the idea. This increase is a response to numerous issues affecting law firms, whether it’s improving work/life balance for employees, the challenge of having […]
In the press: Solicitors told to up security after couple loses £45,000
Law firms have been urged to increase security measures in the wake of online scams where hackers pose as solicitors. In a recent case published in the Daily Mail Online, a newlywed couple lost their £45,000 deposit for a three-bedroom home in Bishops Stortford in Hertfordshire after sending the money to a hacker rather than […]
Which type of IT support is best for my business?
One of the easiest ways for companies to gain other business efficiencies is to outsource part, or all, of their IT to a managed services provider. There are many options available and in today’s blog, we will discuss what each one will typically include. While the exact names may vary dependent on the provider, the following […]