What’s better than a password for security?


We all have the same challenge when it comes to password security. We have to remember so many passwords for so many applications that it becomes impossible to keep track of them without choosing ones that are easy to remember or ones that we already use elsewhere. We’ve all used our pet’s name or our partner’s name with a number added, and when we need to change it, we increase the number by one.

The obvious risk is that if someone harvests your password, or if your password is easy to guess, then hackers have access to your applications – including business applications – and that will lead to a whole load of trouble.

Credential harvesting is top of the list when it comes to recent scams and can lead to businesses losing tens of thousands of dollars, particularly through fake invoices. We’ve seen very public instances where hackers have gained malicious access to email and have been able to create false invoices, with businesses paying them because they thought they were legitimate.

We can try making passwords more complex: forcing people to include symbols such as #@$%&*, use at least 8 characters, change their passwords every 30 days and avoid reusing any of their last 24 passwords, etc.

However, this can result in people using the same password for multiple accounts, or writing it down and sticking it to their monitor with the infamous yellow sticky note, defeating the intended security policy.

So, what can be done? Well, there are some solutions:

1. Password Managers

This solution allows you to save your web/cloud-based credentials inside the password manager and lets the password manager set a complex, unique password for each application. Password managers such as Dashlane and LastPass are protected by a single ‘master’ password. The pros and cons include:

Pros:
- Can be used personally or in business (personal use is usually free)
- Easy to set up complex passwords
- Accessible on multiple devices
- They can protect more than passwords

Cons:
- If you forget the master password, then you’ll lose access to your other passwords
- Controls are limited
- If someone obtains your master password, then they have access to all of your accounts

Read in-depth password manager reviews for more guidance about the best password manager for your business.

2. Single Sign-on (SSO)

Commonly, SSO is a corporate solution: applications are set up inside the SSO platform and accessed with a single password. Policies can be set up centrally by an administrator to control which applications users can access and how passwords are configured. Examples are OneLogin and Okta.

In our personal lives, the SSO we most commonly use is logging into other apps with our Facebook credentials. Some pros and cons include:

Pros:
- Centralised control
- Easy access to applications
- Easy to control

Cons:
- If the SSO solution goes down, users lose access to all sites
- May not cover all systems in use
- If someone obtains your SSO password, then they have access to all of your accounts

3. Multi-factor Authentication (MFA)

MFA requires a second credential, in addition to the password, before access to the application is granted. We’ve probably all been using MFA without realising it when we make bank payments and need to enter the SMS code we’ve received.

There are various methods of MFA. The most common ones are:

Possession factors: if a person has a specific device on them, like a key card or a smartphone, they can use several forms of multi-factor authentication. Common smartphone MFA methods are SMS codes and authenticator apps such as Google Authenticator and Microsoft Authenticator.

Biometric scanning: facial recognition, finger or thumb prints, voice recognition, hand shape and other physical characteristics.

Location factors: GPS tracking, built into most smartphones, can be used to check that a login comes from a legitimate device rather than a malicious one.

Pros and cons include:

Pros:
- Much more secure than having a single password as protection
- SMS messages are extremely convenient
- Biometrics are extremely difficult to hack

Cons:
- Device-based MFA: if your device runs out of battery you won’t be able to log in
- Some more disreputable services may use your number for advertising
- A compromised biometric is compromised for life

Most cloud-based/web-based applications now come with the ability to use multi-factor authentication for free. These include Office 365, Xero, Zoho, GSuite, Salesforce and a host of others.

I use a combination of password managers, single sign-on and multi-factor authentication in my business and personal life.

If you haven’t started looking at any of these, start with MFA, which improves your application security quickly and easily, and then put a strategy in place to replace or strengthen your password security.

If you’d like to chat further about how Surety IT can assist with your password challenges please call us on 1300 478 738 or Email Us.

About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience creating customised, stable, well-performing systems for both multinational companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
