What’s better than a password?



We all have the same problem, and that is passwords and their security.  We have to remember so many passwords for so many applications that
it becomes impossible to keep track of them without resorting to ones that are easy to remember or ones that we already use elsewhere.  We've
all used our pet's name or our partner's name followed by a number, and when we need to change it, we increase the number by one.

The obvious risk is that if someone harvests your password, or if your password is easy to guess, then attackers have access to your
applications, including business applications, and that will lead to a whole load of trouble.

Credential harvesting is top of the list when it comes to recent scams and can lead to businesses losing tens of thousands of dollars,
particularly through fake invoices.  We've seen very public instances where hackers have gained malicious access to email and have been
able to create false invoices, resulting in businesses paying the invoices because they thought they were legitimate. (reference: https://www.smartcompany.com.au/technology/brisbane-retailers-warns-businesses-vigilant-cyber-crime/)

We can try making the passwords more complex, forcing people to include #@$%&* with at least 8 characters and making them change the
passwords every 30 days as well as not allowing them to use the last 24 passwords they’ve used etc.

What this sometimes does, though, is push people into setting all of their passwords to the same password, or into writing it down and
sticking it to their monitor with the infamous yellow sticky note, defeating the intended security policy.

So, what can be done?  Well, there are some solutions which can help:

1. Password Managers

This solution lets you store your web/cloud-based credentials inside the password manager and lets the password manager generate a
complex, unique password for each application.  The password manager itself is unlocked with a single 'master' password.  Examples are Dashlane and LastPass.  Some
pros and cons include:

Pro | Con
Can be used personally or in business (personal is usually free) | If you forget the master password, then you'll lose access to your other passwords
Easy to set up complex passwords | Controls are limited
Accessible on multiple devices | If someone obtains your master password, then they have access to all of your accounts
They can protect more than passwords | 

2. Single Sign-on (SSO)

This is more of a corporate solution: applications are set up inside the SSO platform and are then accessed with a single password.  Policies can be
set up centrally by an administrator to control which applications users can access and how passwords are configured.  Examples are OneLogin
and Okta.

In our personal lives we already use SSO, for example 'Log in with Facebook'.  Some pros and cons include:

Pro | Con
Centralised control | If the SSO solution goes down, users would lose access to all sites
Easy access to applications | May not cover all systems in use
Easy to control | If someone obtains your SSO password, then they have access to all of your accounts

3. Multi-factor Authentication (MFA)

This adds a second credential that must be supplied, on top of the password, before access to the application is granted.  We've probably all been
using MFA without realising it when we make bank payments and need to enter the SMS code we've received.

There are various methods of MFA.  The most common ones are:

Possession factors: something the person physically has with them, such as a key card or a smartphone, which opens up several forms of
multi-factor authentication.  Common smartphone MFA methods are SMS codes, Google Authenticator and Microsoft
Authenticator.

Biometric scanning: facial recognition, finger or thumb prints, voice recognition, hand shape, and other
physical characteristics.

Location factors: the GPS built into most smartphones can be used to check that logins come from legitimate devices
rather than from malicious ones.

Some pros and cons include:

Pro | Con
Much more secure than having a single password as protection | Device-based MFA: if your device runs out of battery you won't be able to log in
SMS messages are extremely convenient | Some more disreputable services may use your number for advertising
Biometrics are extremely difficult to hack | A compromised biometric is compromised for life


Most cloud-based/web-based applications now offer multi-factor authentication for free.  These include Office 365,
Xero, Zoho, G Suite, Salesforce and a host of others.


I use a combination of password managers, single sign-on and multi-factor authentication in my business and personal life. 

If you haven't started looking at any of these, you should at least look at MFA, which improves your application security quickly and easily, and
then put a strategy in place to replace or strengthen your password security.

If you'd like to chat further about how we can assist with your password challenges, or you don't know where to start, please call us on 1300 478 738
or email us at info@suretyit.com.au.


About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
