Even though repeatedly reminded by various media to select strong passwords and not to reuse them across multiple websites and services, online users seem to remain laid back about their password security. Moreover, selecting a unique password for each service and website is not enough on its own, because it has become extremely easy to steal passwords using phishing emails or by installing keyloggers on a target computer. Therefore, security experts suggest taking a multi-layered approach to password security. With this approach, you make it harder for cyber-attackers to steal confidential data by implementing several mechanisms so that there is no single point of failure. Multi-layered security is difficult to breach; however, a motivated attacker can get past even this.
Why Do Companies Avoid Too Much Security?
The number one reason organizations don't put up too much security is that they think it will frustrate their users, who will get annoyed and go elsewhere. Nevertheless, organizations should realize that some inconvenience caused by strict security results in a significant security boost. No organization's strict security can survive without its users' cooperation. And in case of a security or data breach, the blame should not go solely to the vendor for not taking proper security measures.
New Security Measures
These days, many organizations, especially banks, have added additional security such as image verification and hardware tokens. These may seem a little tedious, but at the end of the day it is always better to be overprotected than the opposite. Other forms of protection include forcing users to change passwords regularly, asking multiple security questions, and making sure that passwords aren't dictionary words or being reused. At a time when malware can easily intercept that information, unique passwords alone cannot assure security.

Security experts recommend implementing user authentication based on a combination of what the user knows, like a password, and what the user has, like a hardware token. This hardware token randomly generates a passcode every 30 seconds. Some major websites, including Google and Facebook, have implemented two-factor authentication that relies on users' phones to access their services. Gmail users who opt for two-factor authentication enter their user name and password as usual. Then they receive a six-digit code via their smartphone or short message service, which has to be entered on the verification page.

Some banks have also implemented two-factor authentication. This is implemented by hardware tokens, similar to the SecurID tokens from RSA Security. This token randomly generates passcodes that users enter on online banking sites. This DIGIPASS cloud service thus allows users to access applications after verifying their identity. "Security in cloud-based applications has been further improved," says Ray Wizbowski, global director of marketing and communications in the security business unit at Gemalto. He suggests that authentication should be a unique combination of the physical device and password. Identity-based information would always prove to be a stronger verification because the user is the one accessing the cloud data.
Well, there is no end to what we can do to secure our passwords and avoid data breaches. The fact remains that it is difficult to protect against attacks, and secure VPNs with firewalls have surely become the need of the hour. With online hackers on the loose, you never know when you may fall prey to the most hideous security breach ever!