Strong passwords and MFA

Meet the industry specialist entrusted with protecting your digital transactions and privacy.
Glen Gooding
ELEPAY CYBER SECURITY STRATEGIC ADVISOR

Strengthening Security with Multi-Factor Authentication
In the previous post, I spoke about the broader threat landscape and remaining vigilant. You will recall that bad actors from around the planet are dedicated to lifting your most valuable assets (your data) from your systems. In fact, for business owners, that mostly means your customers’ data.
Their path of least resistance is to target the human asset to gain access to your electronic assets. Phishing campaigns are being run every second of the day from all points of the globe, in a blanket attack on anyone who is taken in by a well-crafted, relevant-looking email.
Gaining access to a website requires several different authentication factors. Simply put, you need to prove you are who you say you are, by providing something you ‘know’, something you ‘have’ and something you ‘are’. To break this down, the ‘know’ is your username and password, the ‘have’ is a secret code from an app or SMS and the ‘are’ is your fingerprint or your face.
Collectively this is known as MFA, or Multi Factor Authentication.
The Power of Strong Passwords
I mentioned earlier that choosing strong or complex passwords is one method of strengthening your online presence. I also raised that keeping unique passwords across all your applications is best practice.
Here is a reference from Hive Systems that shows how quickly passwords can be cracked.

Most modern environments put a limit on how many times you can get a password wrong.
A tip for business owners: please check how many failed login attempts are allowed in your environment.
Another utility that eases the pain of password recall is the password manager. Password managers allow you to categorise the different types of sites you visit, whether they be banking, government sites, email, shopping or work related, and keep your credentials unique. This allows you to protect all your passwords, and in some cases credit card or banking details, in one secure location. These tools implement what is termed zero knowledge of your details, which means that the software vendor will never be able to get to your credentials, but it also means that if you lose your master password, you have no way of getting to your credentials. So be sure to have a strong passphrase that you will remember.
Many of us will be familiar with the use of third-party authentication apps, or at a minimum have received an SMS with a one-time code to approve a banking transaction. Keeping your personal data or your company’s critical information secure is paramount, and having an integrated authenticator to gain access to your email, remote access to your work systems or your financial sites should be mandatory. Vendors like Microsoft and Google provide viable solutions that integrate with many business applications and websites. I would recommend that all readers enable MFA for their email and ask their employers to adopt stronger authenticator mechanisms.
For the business owners, being able to articulate to your customers why cyber security is important to you will foster a level of trust in the services that you provide. Strong security should be viewed as a viable business enablement strategy.
Lastly, biometric authentication. This is the fingerprint reader on your laptop or the facial recognition that allows you to unlock your phone. Using something that you ‘are’ is a reliable and in many cases convenient way of identifying yourself and allowing access to systems.
MFA is the combination of the above authentication techniques. Each one on its own provides a level of security, but all of them combined in a multi-layered approach provide a very strong method of proving that it is really you. Putting this in context, if you weren’t being vigilant, and you clicked on a link and your credentials landed in the hands of our adversaries, then they would not be able to do much, as they don’t have your biometrics, nor do they have your secret code from your authenticator.
Cyber Security 10 Part Series
The subject topics will sometimes take on a business aspect, at other times a personal viewpoint, and in some cases, both will be covered.
Feel free to comment or even call for a confidential discussion about the security concerns you are facing.

PART 1: Introduction
PART 2: Remaining Cyber Vigilant
PART 3: Understanding the Threat Landscape
PART 4: Strong Passwords and Multi Factor Authentication
PART 5: Avoid Using ‘Free Wifi’
PART 6: VPN – Should I Install?
PART 7: Importance of Employee Training
PART 8: Implementing Robust Password Policies
PART 9: Regular Software Updates and Patch Management
PART 10: Backing Up Essential Data