Summary

Passwords are no longer enough to protect information systems or online accounts.

Are you really safe online?

Gone are the days when the word ‘password’ or code ‘0000’ provided adequate security for your online activities. But are you aware of the latest techniques that you should be using to keep your own and your customers’ personal information safe and provide a secure environment for your business activities? We have provided these invaluable pointers to one of our Information Security Management clients and I thought they were worth sharing with our blog readers.

Authentication

Authentication is the process of verifying a subject’s claimed identity.

Authentication can be based on any of three factors:

  • Something you know, such as a password or a PIN
  • Something you have, such as a mobile phone or a smart card
  • Something you are, such as a fingerprint or iris characteristics

Two factor authentication

This requires two of the above factors for authentication. Three factor authentication (the strongest authentication) requires all three factors for authentication.

Protecting your online world

In my experience, people are unaware that many of their favorite and most used online accounts have this extra layer of security available. As businesses and consumers push more data into the cloud, two factor authentication becomes ever more important.

So, for example, two factors can be something you know (a password) and something you have (your smartphone). “Google Authenticator” (there are other similar apps available) is an app, available for most smartphones, that generates 2-step verification codes on your phone.

In addition to your username and password, you input a short verification code, generated by an app on your smartphone, when logging into your Google account, for example. For a hacker to gain access to your account, they would require your username, password and access to your phone.

These accounts also have two factor login available:

Dropbox

Dropbox uses either the Google Authenticator app or codes texted to the user’s phone upon login.

Windows Web Mail

Currently, Windows web mail (outlook.com) has selective two factor login, so the user can, if they want, generate a code if they are logging in from an unknown or untrusted device. The feature cannot be enabled for all logins.

Online Banking

Most major banks now force users to use a token device to log in to their accounts; this is where most customers have experienced two factor login.

Facebook

Facebook has a security feature they call Login Approvals, which requires you to enter a code that is texted upon login from an unrecognised computer.

PayPal

The user can either have a code texted to their mobile device or order a special code generating token.

In summary, as a user, welcome the additional authentication routes offered by online operators, rather than seeing them as a hindrance. As a web owner, make sure you put in place adequate security so that your customers feel secure online and will favour your site over less robust ones. And for businesses providing online access to systems and data via the Cloud, follow best practice (perhaps by complying with the ISO 27001 information security management standard) to protect your company from hacker attacks and careless employees.