The Password is Dead: Introducing MFA

Nov. 01, 2017

Updated: November 5, 2018

As luck would have it, “password12345” just isn’t cutting it for account security anymore.

The password is dead: more and more headlines are using this phrase to describe severe security issues with the average password. It’s true that bigger and bolder hacks have recently put billions of passwords out there – a major risk for your online security. But why is this a problem with the passwords themselves? Actually, it isn’t — the problem lies with people.

Most people make four major mistakes with their passwords:

1. We make easy-to-guess passwords.

The top five passwords in 2018, which have changed very little in the past five years, are all variations of the numbers 1234567 and 8, or are simply the word “Password” or the string of keys “qwerty.” Many people use their birth date or the names of family members in their passwords as an easy way to remember them – but if a hacker has this basic information, guessing your password is a piece of cake.

2. We don’t use enough passwords.

54% of people use five or fewer passwords across all of their accounts. If one of these passwords falls into the wrong hands, all of your accounts are in danger. This is why the hacking of a single site, like Yahoo’s 2014 hack, can be so serious – most of those passwords were (and probably still are) used on other sites, including accounts with sensitive information.

3. We keep the same password(s) for a long time.

68% of people are using a password five years or older. So if some long-forgotten site you signed up for is hacked, and you’re still using the same password, attackers can use it to log into more of your accounts.

4. We use passwords in unsafe ways. 

This can range from logging into an account over free public WiFi that’s not secured to using your own WiFi when a discovered vulnerability has not been fixed.

All of these mistakes add up to one larger mistake: not using MFA (multi-factor authentication). MFA is the method of using more than one security measure to confirm you are who you say you are. In a world of remote access, it’s the single barrier we have between weak passwords and opportunistic hackers. There are different types of authentication; the following are widely used, key methods:

Knowledge based authentication

Using a PIN or “secret question” that you enter alongside your password. These are subject to the same vulnerabilities as your password, but are still something that can be used in conjunction with a password.

Biometric data

Like fingerprint scans or facial recognition. These are typically very secure, but can sometimes be difficult to use (think about all the times your phone didn’t read your fingerprint properly – or whether you even use the fingerprint scan on your phone in the first place!).

Security tokens 

The most widely used secondary authentication. The most common form uses your smartphone to generate a unique, random password when you are logging into your account. It’s highly unlikely a hacker has access to both your account information and your physical smartphone, while it’s highly likely you have your phone with you, which is why this is such a popular option.

Multi-factor authentication is important for both business and personal use. In your business, it allows for remote access away from the office while still keeping company information secure. Personal use protects an individual’s security, but given the previously discussed nature of passwords, it’s also incredibly helpful for a business to prevent one personal hacking incident from impacting the entire office. Multi-factor is easy to implement and cheap (Google Authenticator is free, although it has no centralized administration and is probably not a good choice for a business setting).

Here at Domain, we strongly encourage that all of the businesses we serve implement multi-factor authentication, and set it up to be as easy and efficient as possible. We see it as a great security measure that’s in line with our philosophy of being a proactive IT provider and cyber security specialist. THE BOTTOM LINE: With Domain’s help, you can say goodbye to passwords and embrace the future of MFA.
