We have been calling users the weakest link because they don’t use strong passwords, click on stuff they shouldn’t and give away too much sensitive information. But shouldn’t some of this responsibility lie with the organization and sites they access online? Knowing that weak passwords are an issue, why is it taking so long to fix the problem?
Two-factor and multi-factor authentication methods have been around for a while but are not as widely in use as they probably should be. Why? There are lots of reasons; costs, implementation, administration and user buy-in. The use of 2FA/MFA can help reduce risks associated with weak passwords.
What about end-user training? Why is it so difficult to implement an ongoing awareness program to condition users to recognize the every day perils waiting for them in the cyber world? Again, costs? Lack of personnel? Time? Your end users are the first line of defense against social engineering attacks. Education and recognition can lessen the exposure of sensitive data.
How about biometrics like finger and face scanning? Surely those are great implementations in helping secure access to resources. But these features are not available on all devices or sites.
Setting strict rules for password creation for access to secure apps and sites can be another control organizations can set in place. Use of a password checker can help ensure bypasses of creating easily guessed key words.
Now Google, Microsoft and Mozilla have all released enhanced features within the last year to generate secure passwords and monitor if your password has been used on a breached site. By embedding these safeguards into their browsers, these companies are attempting to steer users in the right direction of password security.
These are all good steps to helping solve the password problem. Passwords are going to be around for quite a while, and taking the appropriate steps to make them more secure will keep your users and organizations safe from a breach.
No one wants to be tomorrow’s headline.
Resources:
How Secure is my Password?
Firefox Secure Password Generator
New Password Protections in Chrome
Security Design: Stop Trying to Fix the User
Microsoft Edge Strong Password Generator