Let’s face it, of all the risks to IT security, people are the largest. It doesn’t matter how secure your building and network are if an employee with access hands the keys over to a criminal. That’s what your users may as well be doing if they’re using any of these passwords. When you can use a list of 10 thousand passwords to gain access to many accounts, bruteforce password cracking becomes unnecessary.
How can I mitigate the risk my users pose?
There are three key ways you can mitigate the risk, educating your users, removing passwords from the picture, and adding more authentication than only passwords.
When it comes to educating your users about what is and isn’t an acceptable IT practice there are a lot of right and wrong ways to connect the dots. Simplistic messages and training sessions can make your users feel ignorant, gullible, or even unintelligent. Instead, the best responses tend to be those which are honest, informative, and relevant. A good way to approach this is by using examples of IT security issues that have recently received media coverage. People remember large events like when eBay was hacked, so you could work that into a lesson about using secure passwords for each independent site. Making your lessons relatable will increase your employee’s retention of the lesson. It’s just that simple.
Remove Passwords From the Picture
Single sign-on (SSO) is a password management system that stores each user’s login ID and password for each individual resource. Once a user securely logs into a SSO portal, the system provides the user’s login credentials behind the scenes to whatever application or service they attempt to access. From the user’s perspective, all they need to do is click a button and they are logged in automatically.
Security is all about risk mitigation, there’s no such thing as a perfectly secure system. What does exist are systems which are secured to a degree which adequately reflects the value and importance of the information they contain. Multi-Factor Authentication follows these same notions. While a password is one way of identifying a user, multiple measures exist, and those measures can be leveraged with passwords in order to provide a level of security which a password alone could never achieve. These other factors could be anything from phone apps, which rely on a user having a phone available to them, to biometric scans like iris and fingerprint readers. There’s a lot of means of achieving multi-factor authentication, the only limiting factors are the budget and effort of implementing a solution.
Multi-factor authentication, and Single Sign-On are two of the core features of the AuthAnvil. Businesses use AuthAnvil to not only increase their security with MFA and its password management and auditing capabilities, but to increase efficiency and enable their workers with a powerful single sign-on portal that can be linked to almost any application, site, or system.
To learn more about how AuthAnvil can help your business, just take a quick peek at what we have to offer by reading our free eBook: “AuthAnvil Password Solutions Quick Peek”