This article takes a view of today’s authentication methods and reasons on why using password-protection as a data security option is still relevant in today’s environment.
Various observations in the past have reaffirmed the importance of password-protection as a security mechanism for data. Most observers believed that passwords would soon be replaced by a stronger more reliable security measure against data breach.
The Way Ahead For Authentication
This, however, has led many to stop focusing on using passwords for protecting their data. Some even keep their information open, and instead rely on a more external data security protocol that is away from their data. This may cause a serious problem, since passwords will remain as the sole part of our authentication method for a long time, even when much stronger authentication factors are deployed.
Terms like Biometrics, Tokenization, and smart cards are here and are being used, albeit with their own distinct flaws. With tokenization, additional hardware needs to be arranged, which means extra purchases. With biometrics, extra hardware is also required. The additional pain of not being able to accommodate certain users does not make it feasible. With smart cards, integrating card readers in every endpoint device does not gel well with a streamlined fluid mechanism. The additional PKI certificate payload also adds on to the bulkiness of such systems, as organizations will need to implement and manage a public key infrastructure as well.
To make matters worse, the recent RSA SecurID, a one-time password token and considered one of the strongest data security mechanisms, was recently compromised. Similarly, biometrics are prone to playback attacks or password injection by compromising a password database. Mobile phones are also vulnerable to hacker attacks through fake base stations that can snatch the calls made to a GSM tower and redirect user calls to their PC, making intercepting calls and getting details on caller information a breeze.
With so much at stake, implementing these security measures not only involves huge costs to be incurred, but such measures have also been prone to attacks, as recent times have shown. And that brings us back to passwords.
Besides the hassle of having to remembering them, passwords are easy to implement, pretty much user-friendly, inexpensive, and extremely scalable. And as more and more web based applications, social networks, subscription based services, and mobile applications require users to sign up for their services, the use of passwords are here to stay with a stronger need for implementation. A whole new section of web services have sprouted up around passwords – services like OAuth, OpenID, Google AuthSub, AOL OpenAuth, Yahoo BBAuth for instance.
How To Use Passwords To Secure Data
An absolute must to-do on the strong password checklist is to require users to select and choose a strong password whilst keeping secure minimum length and other parameters for setting a password.
The use of mixed case, a combination of letters, numbers and symbols can easily be enforced by anyone.
In addition to that, it is important to make notification and monitoring a best practice. Notifying users to change and strengthen their passwords immediately upon suspected attack saves everyone a lot of trouble.
Then there is the lockout system – whereby any unauthorized attempt of accessing your application is set on specific lockout parameters that either does not allow unlimited number of guesses at sign in, limits an unlimited entry of wrong passwords to certain time limits, shuts down your PC, logs off PCs and monitors all password attempts to a log that you can view.
As a best practice, administrators can set guidelines in organizations to change their passwords often.