Passwords are not secure. We speak about this “ad nauseam”, working with clients daily to discuss what the issues really are and the real-life impact that weak password solutions can have on a business. A total takeover, non-adherence to compliance, loss of IP, finances and reputation, and all of your users and staff put at risk of further hacking attempts, opening you up to whopping GDPR-related fines: these are the costs of a corporate data breach.
This reality is a harsh one, and it is not comfortable to acknowledge that your best, and very real, efforts to secure your business online are likely not going to be good enough to give you genuine peace of mind.
If you’re using passwords, especially ones that are not compliant and haven’t been checked against a breach database, there is a way for hackers to breach you.
The vulnerability, unfortunately, is us humans. We are not good code keepers and therefore face these dilemmas:
• Too many to remember
• Too complex to remember
• Too often re-used as a way to combat the first two
We continually adapt our solutions to meet the standards of the National Institute of Standards and Technology (NIST), but while these guidelines improve and help us to stay a step ahead, hackers also improve and thus the standards forever increase. Passwords and password-reliant security solutions will forever be stuck in this game.
After everything said above, it can be painful for us to admit that, while they’re weak, passwords aren’t going to be eradicated overnight. Business operation is complex, and we understand that a complete overhaul and change in process is a significant undertaking.
With this in mind, we developed a three-step customer journey that meets businesses where they are now, helping them work toward password liberation at a pace that is comfortable, prioritises the user’s experience, and keeps businesses compliant and secure at every stage.
Step 1 – Comply
While they may not be entirely secure, there are significant improvements that can be made to the security of passwords through compliance, as set out by the new NIST guidelines.
This step leverages the Authlogics Password Breach Database and employs a simple installable solution which works across your business to check, in real-time, that users’ passwords are unique, secure, and compliant. The Password Breach Database checks users’ passwords against a database of more than 500 million breached passwords to ensure your users cannot use these and risk the security of your business.
Best of all, this process is transparent to users and has the benefit of not allowing them to choose passwords they have used elsewhere.
Step 2 – Secure
There is a reason why the EU’s Payment Services Directive 2 stipulates that businesses should employ Multi-Factor Authentication (MFA) to improve their users’ security. It adds an extra layer to make it much harder for hackers to break in.
While we strongly advise against SMS MFA (here’s why), there are MFA solutions which are both user-friendly and secure. Deviceless or 1.5 Factor authentication delivers a one-time code, without the need for a separate physical device, and there are a number of 2-Factor Authentication solutions, including smartphone solutions which use fingerprint or face ID.
Step 3 – Replace
Replacing passwords entirely is perhaps easier than you would think. Authlogics solutions are designed with users in mind. Conscious that they need to be easily adoptable, we can apply a range of low- and hi-tech alternative authentication mechanisms to completely replace the need to remember a password, while keeping the experience simple for the users.
This solution swaps one factor for another, one which is more convenient and more secure, involving something you know (your pattern), something you have (your device), and something you are (such as your face or fingerprint), providing the highest level of security with the lowest level of friction for the user.
Find out more about password liberation on our website.
If you’re ready to step up your online security, get in touch with our team to learn how you can move through the journey to password liberation.