Pass on Passwords: Multi-factor Authentication Is Better Security

Truth is, nobody likes passwords. From a user standpoint, they’re hard to remember. From a security standpoint, they’re ineffective. According to Frank Abagnale, the ex-con who inspired the movie Catch Me If You Can and who now works for the FBI, “passwords are for treehouses.”

Abagnale’s story is fascinating, and his experience in cybersecurity spans 43 years as an instructor at the FBI Academy. He was recently interviewed for a special series by TechRepublic about his thoughts on cybersecurity. Among the top topics: the timely demise of passwords.

Passwords are so 1964

Abagnale remembers the development of passwords when he was 16. He’s 71 now, and he says passwords are outdated technology and “the reason we have most of the malware, ransomware, and all of the things that are going on.” If you aren’t sure the heyday of passwords has truly come and gone, consider this: he’s spent the last five years on a government project to eliminate the use of passwords.

While passwords may be nearing the end of their useful life, the reason they were developed becomes more critical every day.

Providing access to data, assets, and processes anywhere, anytime and on-demand is part of doing business in many industries. So is securing it all. As modern security measures work to keep pace with modern threats, multi-factor authentication (MFA) has become a leading alternative to passwords alone.

What is multi-factor authentication?

An MFA security process verifies a user’s identity by requiring multiple credentials before allowing the user to log in or complete a transaction. Usernames and passwords are easily lost or stolen and are susceptible to brute-force attacks. MFA provides another layer of protection, and the available technology is robust, which makes implementing and managing MFA far less complex than in the past. Yet only 53% of organizations have implemented MFA.

MFA helps the security team manage how individuals access the organization’s networks, systems and data, and it can be integrated into every entry point of the network, including VPN, WiFi, VDI, workstations and single sign-on. The combination of credentials unique to each user may still include a password, but that password won’t work alone; other identifiers are required as well.

A combination of these can be used for MFA credentials:

  • Codes generated by a security program or app
  • One-time passcodes pushed to the user’s trusted device through a secure channel
  • Physical objects like a key, badge or another device
  • Biometric inputs, which can include fingerprints, retina scans, vocal ID and facial recognition
  • Personal knowledge that only the user has, such as answers to security questions or a password

MFA benefits beyond security

While there is no doubt that organizations benefit from the increased security of MFA implementation, users can also benefit. When user burden is considered in the implementation process, it’s possible for users to get faster, easier access to apps and systems, leading to improved satisfaction. In some industries, such as financial services, MFA has become the standard for access. These customers now expect the improved security of MFA, seeing it as a positive when it’s in place and a negative when it isn’t. There are also intelligent MFA solutions available that incorporate risk detection and user behavior analytics to minimize required user interaction.

Both users and IT teams appreciate the self-service password aspects of many MFA solutions. Users don’t have to wait on IT for password resets and IT teams have fewer password-related helpdesk tickets to clear.

Better security and improved user experience can be achieved with MFA when implemented with a solid understanding of the process. The Security experts at Sirius have the experience to help you determine the right methodology and solutions for your organization. Learn more about our capabilities here or contact us today to get started.

December 20th, 2019 | Blog

About the Author:

Thad Smith is a Principal Consultant with the Sirius Security practice.