Usernames and passwords are the most common way to secure access to software accounts and data. But passwords don’t work — at least not as well as they should, and especially not the way they used to. Sophisticated phishing schemes, brute force attacks, social engineering, and the myriad other methods hackers and thieves have at their disposal to hijack accounts and steal data make it clear that passwords alone are often not enough to keep data secure.
There are useful sites that can tell if your password is secure as well as provide tools for devising secure yet memorable passwords, but these offerings don’t solve the fundamental problem of passwords being guessed, stolen, or hacked.
Since passwords are so vulnerable, what can businesses do to keep their data safe from malicious intent? Multi-factor authentication is one effective method to help keep accounts and data safe.
Multi-factor authentication requires users to present two or more of the following: something they know, something they have, and something they are.
- Something they know is familiar, and includes passwords and PINs. This first factor is the initial line of defense for most data.
- Something they have could include a cell phone or USB drive with a security token. This authentication factor can take many forms.
- Something they are includes biometric and highly individualized attributes like fingerprints or retinal scans. This is not as common a form of authentication because it requires more expensive hardware and time to implement, but it is very secure, despite how it’s portrayed in the movies.
Multi-factor authentication has been around for a long time. For example, before giving you cash, ATMs require you to insert your debit card (something you have) and enter your PIN (something you know). However, even though it is a well-established security protocol, many companies still do not employ this tactic, to their own detriment.
The most common type of multi-factor authentication, and the easiest to deploy, has the user present something they know (e.g. a password) as well as something they have (e.g. a cell phone that can receive an SMS message). In this scenario, the user enters his username and password and is then taken to a screen where he is asked for a code that is sent to his cell phone. This is how Google handles two-factor authentication.
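The server side of the two-step login described above, as an added example (not code from the original article or from any product it mentions). The user store, the function names, the 5-minute validity window and the 5-guess limit are assumptions, and `send_sms` stands in for whatever SMS gateway is in use.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 5        # assumption: 5 guesses allowed per issued code

# Constructed demo data: one user with a PBKDF2-hashed password.
_SALT = b"demo-salt-16byte"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
PENDING = {}  # username -> {"digest", "expires", "attempts"}

def _digest(code):
    # Store only a hash of the code so a dump of PENDING does not reveal it.
    return hashlib.sha256(code.encode()).digest()

def start_login(username, password, send_sms, now=None):
    """Step 1: check the password (something they know), then send a code."""
    now = time.time() if now is None else now
    stored = USERS.get(username, b"\x00" * 32)  # dummy value for unknown users
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if not hmac.compare_digest(stored, supplied):
        return False
    code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG
    PENDING[username] = {"digest": _digest(code),
                         "expires": now + CODE_TTL_SECONDS, "attempts": 0}
    send_sms(username, code)  # delivered to the phone (something they have)
    return True

def finish_login(username, code, now=None):
    """Step 2: verify the code; time-limited, attempt-limited, single use."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del PENDING[username]  # expired or guessed too often: start over
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["digest"], _digest(code)):
        del PENDING[username]  # a code works exactly once
        return True
    return False
```

The expiry, guess limit and single-use deletion are what keep a six-digit code from being brute-forced or replayed.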
Consumer-facing sites like Google and Twitter make it easy to reset passwords. And Google also makes it simple to set up multi-factor verification to protect your account with their service. There is no reason why it should be any harder for businesses. It is especially important to have multi-factor authentication in place to secure the sensitive data housed on mainframes and enterprise systems.
Help Desk calls for password resets are inherently risky and vulnerable to social engineering since the IT worker receiving the call may not have a reliable way to identify the person on the other end of the phone. There is a risk that a hacker could trick a Help Desk worker into giving out or resetting a password that he should not have access to. For managing password resets in the enterprise, technology is a more secure way to handle the process. Software that automates the password reset process eliminates the risk of IT being manipulated into giving out or resetting passwords for the wrong people, thus granting them access to sensitive data.
The security benefits of multi-factor authentication cannot be overstated. For organizations with sensitive data that need the highest levels of security, multi-factor authentication is a must. Ready to get rolling with multi-factor authentication in your organization? Read about our self-service mainframe software package, ReACT, which offers the convenience of automating password resets as well as the security of multi-factor authentication.