Password security is a prevalent subject among companies and users who are concerned with account compromise, yet many companies still fail to acknowledge the security concerns arising from password use. Recent examples include password hacking incidents against Mitt Romney, a well-known dating site, and the largest professional networking site.
The truth is that passwords on their own, without any additional measures, are not very secure. When a password is the only thing between sensitive data and those who wish to steal it, all efforts to hack into an account are directed towards one particular objective: the password.
In its most recent report, Imperva cites a study of Unix passwords, highlighting the striking similarity between password selection back in 1990 and now. The study showed that users chose very weak passwords to protect even the most private data. It seems that little has changed over the years: a 2012 Global Security Report by Trustwave reveals “Password1” as the most common password used in business.
Businesses that require users to have login credentials need a very solid strategy to strengthen password security, and a clear plan on how to react when crisis strikes.
Below we outline a quick start guide to strengthen password security.
Request strong passwords
Having users choose their own passwords without providing any guidelines can have disastrous consequences. Ensure that your users or employees choose strong passwords by enforcing a minimum length and the use of numbers and upper-case characters.
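An added example, not part of the original article, of enforcing these rules in Python. It goes one step beyond the three rules by also rejecting passwords such as “Password1”, which satisfy all of them but are still widely used. The minimum length of 8, the list of common base words, and the function name are assumptions made for the illustration.

```python
import unicodedata

MIN_LENGTH = 8  # assumed value; the article does not name a specific minimum

# Constructed sample list. "password" covers the article's "Password1";
# the other entries are illustrative only.
COMMON_BASE_WORDS = {"password", "welcome", "qwerty", "letmein"}

# Characters users typically append to a common word to satisfy the rules.
TRAILING_PADDING = "0123456789!@#$%&*.-_"


def check_password(password, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    # Normalize so visually identical Unicode input is judged the same way.
    pw = unicodedata.normalize("NFKC", password)

    # The three rules named in the article.
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case character")

    # Added rule: strip case and trailing digits/symbols, then compare the
    # remaining base word against the list of common choices.
    base = pw.casefold().rstrip(TRAILING_PADDING)
    if base in COMMON_BASE_WORDS:
        problems.append("based on a common password")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Password1", "password", "Ab1", "Welcome2012!",
                      "Tr4vel-Lamp-Orbit"]:
        result = check_password(candidate)
        print(f"{candidate!r}: {'accepted' if not result else '; '.join(result)}")
```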
Trigger password updates regularly or when suspicious activity is detected
Solutions that trigger authentication after suspicious activity enable companies to protect accounts even when passwords have been compromised.
Implement two-factor authentication
In addition to passwords, the implementation of a second factor of authentication serves as a second layer of security. When account credentials have been compromised, the perpetrator would also need to have the second factor of authentication in order to log in.
Fraud prevention strategies vary depending on company needs; however, a solution that is easy to implement and scalable, like two-factor authentication, can make use of the users’ own phones, which makes it easier for the user and for the business’s budget.