With report after report in the news of yet another mega-company, government or high-level security agency being hacked, you might feel a little overwhelmed and utter those horrible last words of resistance, “What’s the use?” As if the hackers have all the tools and skill, and what’s a poor non-tech to do?
Not true! Not true. Read on, dear user, for a truly simple, truly effective means of creating “insurmountable obstacles” for the hackers in your life (that you aren’t aware exist…yet).
It’s called two-factor authentication, and it makes use not only of a password but also of a second factor that only the true user can supply, confirming that the person who entered the password is really you. The most common examples of second factors are your credit card PIN in conjunction with the card itself, or an SMS message sent to your personal cell phone to confirm that you are the one who entered the site password.
Why isn’t a good password good enough? Imagine asking that if your password is one of the five most common passwords in the US! Something crafty like “123456” (#1) or “password” (#2) or “qwerty” (#5). Check your keyboard for that one. Easy to remember. Not much of an obstacle, and all too common. BTW – #3 = “12345” and #4 = “12345678.” Not very creative, are we?! “We’re doomed!”
But, you splutter, I use a really strong 20-character password made up of upper- and lower-case letters (that spell no dictionary word), multiple numbers and an occasional symbol thrown in to make it hard. Unfortunately, thanks to high-powered hacking techniques and hacker software, what in ages past (5 years ago) might have been quite good is no longer a match for today’s persistent, obsessed hacker using computer-driven deciphering.
Add to that the human factor where hackers simply call and ask! Phishing is very productive. The hacker merely sends an authoritative email message that “looks right” and “rings a bell” but is based on crafty look-alike design and public information.
Like the one I got last week using my accurate email address and what appeared to be the email address of Alliant’s owner, in which the owner asked me to provide the information to wire funds. Of course I was suspicious! Especially when the From: email was inaccurate. How did I know it was wrong? I clicked Reply. There it was unmasked: firstname.lastname@example.org.
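The same "click Reply and see where it really goes" check can be done on the raw message headers. The sketch below is an added example, not part of the original post; the names, addresses and the `KNOWN_SENDERS` table are made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: display names of people whose mail must come
# from the company domain (both values are made up).
KNOWN_SENDERS = {"pat owner": "company.example"}

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def reply_path_findings(raw_message):
    """Return reasons why a reply would not reach the apparent sender."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # A familiar name in front of an address outside the expected domain.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and domain(from_addr) != expected:
        findings.append("name-domain-mismatch")
    # Reply-To silently redirects the answer to another domain.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        findings.append("reply-to-mismatch")
    return findings

# Constructed sample messages (not real mail).
LEGIT = ("From: Pat Owner <pat.owner@company.example>\n"
         "Subject: Lunch\n\nSee you at noon.\n")
REDIRECTED = ("From: Pat Owner <pat.owner@company.example>\n"
              "Reply-To: pat.owner@freemail.example\n"
              "Subject: Wire transfer\n\nPlease send the wire details.\n")
LOOKALIKE = ("From: Pat Owner <pat.owner@c0mpany.example>\n"
             "Subject: Wire transfer\n\nPlease send the wire details.\n")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("redirected", REDIRECTED),
                       ("lookalike", LOOKALIKE)]:
        print(label, reply_path_findings(raw))
```

An empty list only means these two checks found nothing; a wire-transfer request still deserves a phone call to the supposed sender.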
Two-factor authentication is a way of making it harder by making it personal. The password is one factor. The second factor is something attached to you or in your possession, so personal that, for the hacker, the risk is too great or the effort is impossible. The discouragement is so great that the attack simply isn’t worth it.
Some of the most popular methods of two-factor authentication include:
- USB stick with a secret token
- SMS message: a code sent to your smartphone
- Email to a secondary address
- Voicemail: a security code sent to voicemail
- Physical characteristic (biometrics): fingerprint, eye, voice, or typing speed
Of these, the biometric avenue is the most secure, for now. The others can be lost or intercepted, but they still pose a great obstacle. A good starting point for gaining the upper hand and establishing hacker-obstacles is creating password policies at your business. Alliant routinely does this for its customers. Alliant can also help your business think through quality security solutions and provide preventative measures and disaster recovery for business continuity.
When you’re ready, call 626-461-1300 to find out how Alliant can help.