Why are passwords insecure?
February 29th, 2016
Too many organisations are still just relying on passwords to allow remote workers, partners and clients to access their business systems.
This generally presents an unacceptable level of risk to a business, passwords on their own are not secure.
How can passwords be breached?
- Given to or stolen by another employee
- Eliminating traceability of actions on the IT systems.
- Cracked by an external or internal entity
- Via specialist hacking/cracking software and experience.
- Recorded by spyware software
- Installed via a virus or other malicious software.
- Directing the user to a copy of your login systems to facilitate theft.
- Given out to a 3rd party unintentionally
- Staff can often be tricked by sophisticated social engineering.
- Stolen in transit
- Unsecured networks can often facilitate password theft.
As you can clearly see the number of risks to a user’s password are significant. They are old and proven methods to in effect steal passwords and use them for malicious intent, such as to enter systems and steal information, hold firms to ransom and the like. Passwords have been insecure for some time, yet many businesses don’t close the hole unless they have a significant security breach. The fact that underground communities swap and trade access details makes this even worse. There’s money in knowing passwords, thus you can buy them online!
How can you increase your security levels?
It’s actually fairly simple to up your levels of security and protect against these risks. You can make your remote system access robust by simply implementing multi-factor authentication as a minimum level of security. It doesn’t make your system hack-proof of course, but it does dramatically increase the security level of systems.
What is two-factor authentication?
Two-factor authentication simply means you use two elements to access your systems, something you know (your password) and something else, i.e. a token device. You may have one for access to your bank, they’ve been in use for years. You can also have the same technology installed as an app on your smartphone.
The fact that you must have at least 2 elements to log in naturally increases your level of security. Every time you log in you must for example first enter your password and then you must enter a unique number which changes say every 5 seconds. Now it doesn’t matter if someone knows your password as they don’t also have the token with the ever-changing number. On the flip side, if you lose your token on the train and someone picks it up, they won’t be able to access your account as they probably don’t know where you work and most importantly they won’t know your password.
It all sounds very simple. That’s because it is. All firms who have people accessing their systems from outside the corporate firewall should be using multi-factor authentication. Actually, it also makes sense for those within the firewall to use it. It’s inexpensive, straight-forward and now a necessity. Passwords on their own are not secure and the threat landscape is changing all the time Organised crime gangs and lone-wolf hackers are on the hunt to extort and steal money from firms – many are sitting ducks.
What is the cost of cloud computing?
One of the most commonly cited benefits of the cloud is its potential to reduce and optimise IT spend. With your data being stored in the provider’s data centre, you no longer require costly server equipment in-house, nor the cooling equipment, electricity bills and maintenance costs that come with it. There are also no hardware […]
How to create an effective IT strategy
What is a traditional IT strategy? This is usually a structured and ordered process which produces a long-term view of the business’s technology requirements and a plan for meeting these needs. A traditional IT strategy will usually plan ahead for the next three to five years and begin by identifying what business capabilities will be […]
How to increase security & better protect your insurance firm
In recent years insurance firms have been targeted by numerous cyber attacks, both internal and external, including those by disgruntled former employees and organised cybercriminals. With the UK insurance industry alone managing investments of £1.9 trillion it is no surprise these firms are such an attractive target. Not only do these firms have a lot […]