Blog
Why are passwords insecure?
February 29th, 2016
Too many organisations are still just relying on passwords to allow remote workers, partners and clients to access their business systems.
This generally presents an unacceptable level of risk to a business, passwords on their own are not secure.
How can passwords be breached?
- Given to or stolen by another employee
- Eliminating traceability of actions on the IT systems.
- Cracked by an external or internal entity
- Via specialist hacking/cracking software and experience.
- Recorded by spyware software
- Installed via a virus or other malicious software.
- Phished
- Directing the user to a copy of your login systems to facilitate theft.
- Given out to a 3rd party unintentionally
- Staff can often be tricked by sophisticated social engineering.
- Stolen in transit
- Unsecured networks can often facilitate password theft.
As you can clearly see the number of risks to a user’s password are significant. They are old and proven methods to in effect steal passwords and use them for malicious intent, such as to enter systems and steal information, hold firms to ransom and the like. Passwords have been insecure for some time, yet many businesses don’t close the hole unless they have a significant security breach. The fact that underground communities swap and trade access details makes this even worse. There’s money in knowing passwords, thus you can buy them online!
How can you increase your security levels?
It’s actually fairly simple to up your levels of security and protect against these risks. You can make your remote system access robust by simply implementing multi-factor authentication as a minimum level of security. It doesn’t make your system hack-proof of course, but it does dramatically increase the security level of systems.
What is two-factor authentication?
Two-factor authentication simply means you use two elements to access your systems, something you know (your password) and something else, i.e. a token device. You may have one for access to your bank, they’ve been in use for years. You can also have the same technology installed as an app on your smartphone.
The fact that you must have at least 2 elements to log in naturally increases your level of security. Every time you log in you must for example first enter your password and then you must enter a unique number which changes say every 5 seconds. Now it doesn’t matter if someone knows your password as they don’t also have the token with the ever-changing number. On the flip side, if you lose your token on the train and someone picks it up, they won’t be able to access your account as they probably don’t know where you work and most importantly they won’t know your password.
It all sounds very simple. That’s because it is. All firms who have people accessing their systems from outside the corporate firewall should be using multi-factor authentication. Actually, it also makes sense for those within the firewall to use it. It’s inexpensive, straight-forward and now a necessity. Passwords on their own are not secure and the threat landscape is changing all the time Organised crime gangs and lone-wolf hackers are on the hunt to extort and steal money from firms – many are sitting ducks.
NEXT>> 9 red flags which should make you doubt an email
4 essential things to do before you outsource your IT project
In today’s blog, we will be discussing four things you should do before meeting with providers to who you will potentially outsource your project to. 1. Determine your goals first Whilst you may think you need to have an extremely detailed project plan before approaching providers, you may end up missing out on expertise. A […]
Top 8 business technology trends for 2017
Technology is consistently evolving and developing at such a pace that it can be difficult to keep up with the latest trends, and most articles tend to focus on the developments in the consumer sphere. I’ve compiled a list of trends from an IT perspective and how they will apply to and affect the business world in 2017. […]
In the press: How will digitising courtrooms impact firms?
This plan to move the justice system from a paper-based system to an online one has actually been in the pipeline for several years but has only now received the investment it needs to roll out the process. In the Autumn Statement, a huge investment of £1.8bn was pledged to introduce new technology across a range […]