A password can be your company’s greatest ally or its weakest link. If everyone in your organization follows the rules to create a fool-proof password, you could even survive a brute-force attack. However, in the personal sphere, an army of strong passwords is a pretty high expectation for the average online user. In the age of social engineering and old-fashioned snooping, a password was traditionally thought to be your best bet to take control of your online presence, but that might not be the way of the future.

24 is the number of accounts an average online user possesses. If you create passwords strong enough to outlast an attack, this would mean you have 24 unique passwords. Each password would have to be long, complex, and random. They should contain an assortment of characters, capitalizations, and numbers, be changed on a routine basis, and not be written down or typed into a spreadsheet. Within these standards, creating 24 solid passwords and actually remembering them can be nearly impossible for the average online user.

Does this mean we’re setting ourselves up for failure sticking with the traditional form of a password?  In most cases, the answer to this question would be a resounding yes.  Take a look at the Top 500 Passwords and you’ll see for yourself.  People simply aren’t creating passwords as they should be created, despite knowing and understanding the risks associated with a flimsy password.

Where do we go from here? Many cybersecurity firms are dabbling with the concept of killing the password altogether; however, as Gary Hummel, Chief Information Security Officer of the Arizona State Retirement, said, “It seems we would have to endure a civilized meltdown if we removed this ‘convenience.’” So if we can’t get rid of the password, the next step is to pair your password with a second factor, hence 2-factor authentication.

How does 2-factor authentication work?  There are many different forms of 2-factor authentication.  Each form adds an additional step to your login process, adding an additional layer of security to your account.  CNET, a dedicated online media outlet that reviews and educates the public on technology breakthroughs, separates these forms into three very basic categories: something you know, something you have, and something you are.

Something you know: This could be anything from a security question to a PIN to a pattern. Just remember, you have to be careful when contemplating the creation of your second step. Over the years, hackers have learned how to crack security questions through social engineering or perusing your online accounts. Across their accounts, many people tend to use the same answers or choose answer types that aren’t too hard to narrow down. As an example, ‘what is your favorite football team’ only has a few possible answers.

Something you have: Many companies seem to be leaning in this direction. In fact, Yahoo recently announced they’ll gradually phase out their passwords for this form of 2-factor authentication. When you attempt to log in to your account, Yahoo will verify your credentials by sending a push notification to your phone.

Something you are: This form would include a second input such as a fingerprint or voiceprint; however, security experts assert it’s only a matter of time before hackers learn how to steal biometric indicators, as well. Google, on the other hand, is working this from another angle, attempting to teach your device to recognize patterns: how you say things instead of what you say, and how you type instead of what you type.

While society might not be ready to kill off passwords altogether, it’s in your best interest to check out 2-factor authentication.  If you’re not willing to use the extra security measure for every site, at the bare minimum apply it to your most valuable players, such as your password manager, banking institution, email, and anything connected to your credit cards.

If you’d like to enable 2-factor authentication on your online accounts, this feature can usually be found in the security settings. If you’re unsure whether your online accounts offer 2-factor authentication, look over this comprehensive list of which popular accounts do and do not offer the extra layer of security, as well as how to enable the feature for those sites that do include it.

Sources

http://qz.com/437920/is-it-time-to-finally-get-rid-of-the-password/

http://blogs.findlaw.com/technologist/2015/09/its-time-to-get-rid-of-passwords-5-alternatives-to-password-security.html

http://www.wired.com/2015/05/google-atap-passwords-vault-io/

http://www.wired.com/2015/09/dont-kill-password-change-password/

http://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/