Episode 007: One Small Sticky Note on a Password Wall, One Giant Leap for Security
Welcome to “In Security,” the web comic that takes a lighter look at the dark wave of threats crashing across business networks, endpoints, data and users. Get acquainted with the team and catch up by reading Episode 001, Episode 002, Episode 003, Episode 004, Episode 005 and Episode 006.
Dylan may think his wall of passwords is a giant leap for cybersecurity, but it’s really just a grave misstep toward disaster. Far be it from us over here at “In Security” to judge our comic protagonist too harshly, but in all seriousness, password security is no laughing matter.
I know what you’re thinking. Actually, you’re probably thinking one of three things:
- Psh, a password wall? What gives? Anyone who writes his or her passwords down is asking for it. I know how to protect my personal information with my passwords!
- Oh no, I’ve been caught. I write my passwords down in one of those trendy journals with sayings like “Live, Laugh, Love” on them.
- How can an agile workspace have so much personality?
I have neither the time nor the expertise to delve into the art of agile workspace design, but the old topic of password security in the age of the cloud, social media, big data and analytics is of critical importance.
Although most of us have heard about password security, it’s simply human nature to become lax despite the most altruistic of intentions. As financial expert Dave Ramsey put it, life happens. It’s easy to forget about password security, amiright?
Many of us have heard — and have sometimes ignored — traditional password advice. As a reminder, here are some nuggets of wisdom that we all know but sometimes neglect to abide by:
- Create passwords containing 12 to 16 characters.
- Don’t use the same password for more than one account.
- Keep your password weird. That’s right — channel all those quirky thoughts into the creation of your passwords. In the words of the 2012 hit by Macklemore and Ryan Lewis, “Thrift Shop,” don’t use the names of your “grammy, your aunty [or] your momma,” or other common words or phrases that attackers could easily guess. Use a healthy combination of numbers, symbols, uppercase letters, lowercase letters and spaces.
- Spread the love when it comes to special characters. That is, spread them throughout your passwords as opposed to slapping a group of them at the beginning or end.
Passwords Petering Out
Passwords, though they may be the industry standard for authentication, are being replaced by other methods that have proven to be safer and smarter. Companies are building multifactor authentication (MFA) methods into their products and offerings to further protect their customers’ identities and personal information.
MFA is a type of access control through which a user is granted access only after presenting several separate pieces of information to prove his or her identity. This information serves as an authentication mechanism.
Types of MFA include one-time passwords (OTPs), where a user is given a password or token that is good for one use only, and two-factor authentication (2FA), where a combination of components confirms the user’s identity. The information used in these processes falls into one of three categories:
- Knowledge: Something only the user would know, such as a password or PIN;
- Possession: Something a user has, such as an OTP token or QR code; and
- Inherence: Biometric forms of identification, such as fingerprint readers, voice authentication or retina scans.
IBM Takes On Password Security
For the third consecutive year, Gartner named IBM Security a leader in the Identity Governance and Administration space, and for good reason. Products such as IBM Security Access Manager help organizations secure and manage user access and protect applications against fraudulent and unauthorized access. An exciting add-on is the IBM Verify application, which adds an extra layer of security to your online services by using two-step verification. It is available in the App Store like all cool apps are.
Do as I say, and not what our pal Dylan does. Be smart when it comes to password storage and add additional authentication mechanisms to your identity protection portfolio. Be vigilant in protecting your online identity.