You’ve been warned over and over again: Create strong passwords or face the consequences.
Produce different passwords for each application you use; get a password locker; avoid easily identifiable information in your passwords and, whatever you do, don’t ever give them out.
Turns out, all that hoopla about passwords might soon become irrelevant.
Technology officers are changing course when it comes to passwords and instead opting for token identification and multi-factor authentication to safeguard personal data. These cybersecurity methods are more secure and convenient for users.
Passwords might not become completely illegitimate, but instead will likely represent just one component of larger, more comprehensive ways for individuals to access their personal data in the future.
The Problem with Passwords
Passwords pose a couple problems. For starters, they showcase how lazy we can be.
How many times have you taken the easy route with a password when signing up for a service or creating a new account? We don’t create impenetrable passwords because doing so only adds to our list of things to remember, and it takes time.
On top of our desire for convenience, not everyone has gone through the mandatory 30-minute session organized by IT that, if done well, emphasizes the risk a poor password creates. Unfortunately, we can rest assured that there are those who still throw “12345” on the end of their passwords.
Add to this the fact that hackers continue to become more skilled at decoding passwords and it’s no wonder tech professionals are straying away from them as a sole form of data protection.
Using Multi-factor Authentication
In Multi-factor Authentication (MFA), passwords are just the first line of defense. This security method uses two or more forms of authentication to verify a user is who they say they are.
For the sake of simplicity, let’s look at a basic example of MFA.
Say you’re logging onto your work computer and want to connect to its Virtual Private Network (VPN). To log in, you first enter a username and password. This is your first form of verification. Once you’ve done this, you then receive a phone call in which an automated voice asks you to enter a certain numeric code. The phone call is the second method of authentication.
MFA is a more effective cybersecurity tool than a password because it forces a user to provide verifying-information twice. And, theoretically, it’s less likely that someone will know (or guess) your password and get a hold of your cell phone. By calling you, the system has a higher level of confidence that it is indeed you that’s trying to access the system.
Biometrics and token authentication are additional methods gaining popularity. Both are thought to be more effective than passwords.
Cybersecurity news can be a scary read.
We’ve recently been bogged down with ransomware headlines and the potential for quantum computing to override encryption. Hacks and data breaches have the potential to create full-blown emergencies for companies or, in some cases, entire towns.
MFA is one defense mechanism against such occurrences. And although not fail-safe, proving multiple layers of authentication helps to reduce the risk of a cyber attack.
Sunrise Banks uses MFA on its digital banking processes, both external and internal. We pride ourselves on keeping client and employee information safe. For more information on Sunrise Banks’ security practices, visit our security center.