How to ensure strong passwords and better authentication

30 November 2015

Peter Wood’s ‘Five steps to ensure stronger passwords and better authentication to reduce the threat of business data theft’, published recently on ComputerWeekly.com, is well worth reading.

The checklist is a good starting point for a self-assessment, except for the tip on Two-Factor Authentication. I fully agree that privileged accounts and accounts used for remote access must be given special protection. But this alone will not stop attackers from stealing information once they have got into the company network, e.g. through a phishing attack. From that point on the attacker acts as an authenticated user, with every authorization granted to that user.

If Two-Factor Authentication is also required for access to business-critical information inside the company network, a whole class of attacks is no longer possible, because the attacker simply has no access to the second factor, e.g. the user’s smartphone with the authenticator app.

A 27-character passphrase like ‘1sn’t th1s a good password?’ is definitely much safer than an 8-character, hard-to-memorize ‘strong’ password. But the passphrase is as useless as the password once the attacker has managed to get into the network: whoever holds the credential, or the session it opened, is the user as far as the systems are concerned. In this case a second factor can make life much more difficult for the attacker. In addition, the chance of the attacker being discovered increases dramatically, because every attempt to reach critical data without the second factor is an event worth alerting on.
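To make the argument concrete, here is an added example (not code from the original post or from Peter Wood’s article) of a step-up gate: a session that has only passed password authentication may read ordinary resources, but any resource tagged “critical” additionally requires a TOTP code (RFC 6238, HMAC-SHA1, 6 digits) verified within the last 15 minutes. The resource list, the users, the 15-minute freshness window and the RFC 6238 test secret are all assumptions made for the example. The phished-attacker scenario at the bottom is the case the post describes: a valid password, no phone.

```python
"""Step-up second-factor gate for business-critical data (added example).

Assumed policy: password-only sessions may read 'internal' resources; reading a
'critical' resource requires a second-factor proof no older than STEP_UP_WINDOW.
"""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Optional

STEP_UP_WINDOW = 15 * 60   # assumed policy: how long a TOTP proof stays fresh (seconds)
TOTP_STEP = 30             # RFC 6238 default time step
TOTP_DIGITS = 6

# Constructed sample data: resource classification and per-user TOTP seeds.
# The seed is the RFC 6238 test secret; real seeds are provisioned to the app as base32.
RESOURCES = {
    "/wiki/lunch-menu": "internal",
    "/finance/q4-forecast.xlsx": "critical",
    "/hr/salaries.csv": "critical",
}
TOTP_SECRETS = {"alice": b"12345678901234567890"}


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, now // step)


def verify_totp(secret: bytes, code: str, now: int, skew: int = 1) -> bool:
    """Accept the current time step and +/- `skew` neighbours; constant-time compare."""
    counter = now // TOTP_STEP
    return any(
        hmac.compare_digest(hotp(secret, counter + d).encode(), code.encode())
        for d in range(-skew, skew + 1)
    )


@dataclass
class Session:
    user: str
    password_ok: bool = False              # first factor passed
    mfa_verified_at: Optional[int] = None  # Unix time of the last second-factor proof


def step_up(session: Session, code: str, now: int) -> bool:
    """Bind a fresh second-factor proof to the session if the TOTP code is valid."""
    secret = TOTP_SECRETS.get(session.user)
    if secret is None or not session.password_ok:
        return False
    if not verify_totp(secret, code, now):
        return False
    session.mfa_verified_at = now
    return True


def authorize(session: Session, path: str, now: int) -> str:
    """Return 'allow', 'deny' or 'step-up' for a read of `path`."""
    if not session.password_ok:
        return "deny"
    level = RESOURCES.get(path)
    if level is None:
        return "deny"
    if level != "critical":
        return "allow"
    fresh = (session.mfa_verified_at is not None
             and now - session.mfa_verified_at <= STEP_UP_WINDOW)
    return "allow" if fresh else "step-up"   # 'step-up' is the alert-worthy event


def phished_attacker_scenario(now: int) -> dict:
    """Attacker holds Alice's phished password (valid session) but not her phone."""
    attacker = Session("alice", password_ok=True)
    return {
        "internal_page": authorize(attacker, "/wiki/lunch-menu", now),
        "critical_file": authorize(attacker, "/finance/q4-forecast.xlsx", now),
        "guessed_code_accepted": step_up(attacker, "000000", now),
    }


if __name__ == "__main__":
    print(phished_attacker_scenario(int(time.time())))
```

The only state the gate trusts is `mfa_verified_at`, which can be set solely through a valid TOTP code, so a stolen password (or a stolen password-only session cookie) never reaches critical data on its own. The `step-up` outcome is also the signal to feed into monitoring: a user repeatedly hitting it without completing the second factor is exactly the discovery opportunity the post mentions.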

Have a good week.
