There are numerous cybersecurity risks that any enterprise leader needs to consider when planning out their organization's IT infrastructure. Security breaches can come from something as simple as a bad password, or, even worse, a bad password that's reused for multiple accounts within the firm. Anyone who gets hold of that password would then conceivably have access to every account linked to it, which could open a company to all kinds of criminal behavior, including identity theft, financial fraud, and extortion.
But even when using best practices, no password-based security protocol is foolproof. Plus, additional security measures linked to passwords, such as two-factor authentication, are often time-consuming and inconvenient, even when they're effective. Passwords as a security measure have been around since the days of dial-up, but as the internet becomes more ubiquitous in both people's personal and professional lives, the password as a security measure could soon prove to be obsolete.
Getting the Best Out of Your Passwords
Many of the breaches associated with passwords are less the result of a genius hacker than of bad practices on the part of the user. Best practices around creating passwords tend to proceed from one general rule: don't use easily identifiable information in the crafting of a password. This includes birth dates, whether one's own or those of loved ones, personal hobbies (that one might, say, post about on social media pages), and retrievable public information like addresses and surnames. People construct passwords using this sort of information because it's easy to remember. But when hackers attempt to breach a password-protected account, this is the sort of information they will input first.
When it comes to passwords, two-factor authentication and randomized passwords are an organization's best bets. Two-factor authentication requires a user to not only input their password but to also submit a numerical code that the platform sends them for verification, usually as a text to a phone number on file or an email. That way, even if a hacker obtains a password, they won't be able to sign into the account in question without that second authentication, which would require them to also have access to the appropriate smart device or email address (and any of the associated security measures therein). Moreover, randomizing passwords using a combination of lower and upper case letters, numerals, and punctuation marks is another good way to increase password security. Such passwords are much harder to memorize and don't correspond to any retrievable information about the user. It's also advisable to refrain from using the same password for multiple accounts.
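The checks described above (no personal information in a password, no reuse across accounts, randomized passwords drawn from all four character classes) can be automated. The following is an added example, not code from the original article; the profile fields, account names and passwords are constructed sample data, and the function names are illustrative.

```python
import itertools
import re
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
LEET = str.maketrans("013457@$!", "oieastasi")  # undo common look-alike swaps

def generate_password(length=16):
    """Random password from the OS CSPRNG with every character class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:  # resample until each class appears at least once
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw

def personal_tokens(profile):
    """Fragments of the user's public facts that a guesser would try first."""
    tokens = set()
    for value in profile.values():
        parts = [p for p in re.split(r"[^0-9a-z]+", value.lower()) if p]
        tokens.update(p for p in parts if len(p) >= 3)
        digits = [p for p in parts if p.isdigit()]  # date pieces, e.g. month+day
        tokens.update("".join(pair) for pair in itertools.permutations(digits, 2))
    return tokens

def audit(vault, profile):
    """Return {account: [issues]} for personal-info use and password reuse."""
    tokens = sorted(personal_tokens(profile))
    accounts_by_pw = {}
    for account, pw in vault.items():
        accounts_by_pw.setdefault(pw, []).append(account)
    findings = {}
    for account, pw in vault.items():
        forms = (pw.lower(), pw.lower().translate(LEET))
        issues = [f"contains personal info: {t}" for t in tokens
                  if any(t in f for f in forms)]
        others = sorted(a for a in accounts_by_pw[pw] if a != account)
        if others:
            issues.append("reused on: " + ", ".join(others))
        findings[account] = issues
    return {account: issues for account, issues in findings.items() if issues}

# Constructed sample data, not real credentials.
PROFILE = {"surname": "Okafor", "birth_date": "1984-07-12", "pet": "Biscuit"}
VAULT = {"email": "Biscuit0712!", "payroll": "Biscuit0712!", "vpn": "0k4f0r#Admin",
         "crm": generate_password()}
print(audit(VAULT, PROFILE))
```

Note that `0k4f0r#Admin` mixes all four character classes yet is still flagged, because character substitution does not remove the link to the user's surname.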
Many organizations today use a password manager, such as LastPass or Keeper. Password managers allow users to store their passwords in a centralized, secured location. Many password managers also offer extras such as built-in randomized password generators and tools that let an IT administrator securely share individual passwords with specific employees. It's also worth noting that many internet browsers, such as Google Chrome, have built-in password managers and generators, though their features don't extend to protecting and managing a whole organization's worth of passwords.
What Comes After Passwords?
Unfortunately, as the resources to protect organizations' IT security have advanced, so has the resourcefulness of cyber criminals. Measures such as randomized password generators and two-factor authentication arose because hackers became so good at circumventing prior security practices. So there's no reason to think that this won't continue into the future. There may even come a time when passwords become altogether redundant and useless.
One field of cybersecurity that could come to replace passwords, or at the very least augment them, is biometric identification. Biometrics are any unique bodily features that one can use to identify someone. A simple form of biometric security from everyday life is the spaces on driver's licenses that indicate a driver's height, weight, and eye color. There are forms of computerized biometric identification as well, such as facial recognition software, fingerprint scanning, and voice recognition. Many recent smart devices feature facial recognition software, as well as fingerprint scanning, which is used to unlock phone screens and access apps, often in lieu of a numerical pass code or PIN. Since biometric identifiers are unique to the user, they're inevitably harder to get around than a password.
Biometric security raises some questions about consumer and worker rights, however. There's a fear that government agencies and private interests, including employers, may be able to track people's activity without their knowledge or consent if granted the power to log and store biometric information for security purposes. In June of 2021 a group of Senators introduced the Facial Recognition and Biometric Technology Moratorium Act, which would ban the use of biometric technology by both federal agencies and local law enforcement. Proponents of the law claim that the technology doesn't, in fact, enhance the ability of law enforcement agencies to keep people safe or track crime. In fact, they cite instances of misidentification by biometric technology, particularly in cases involving non-white suspects, which have led to unjust arrests. It's easy to see why many people would be uncomfortable with government agencies and private companies not only surveilling their actions but also logging their essential characteristics so that they could be more easily prosecuted in the future. Plus, as recent controversies around data collection by social media platforms have demonstrated, it's not always clear how third parties handle users' information. The Senate has not yet voted on the bill.
Whichever side one falls on in this debate, it's important that any leader think critically about the best way to protect their business from malignant actors. To learn more about how to increase your organization's security, whether through biometric technology or through conventional passwords, check out Titan Tech's website.