Will tech industry ever fix passwords?

By Jeff Vance, CIO |  Security, passwords

"Nearly every device already has strong authentication features. It's just up to their users to use them," says Taher Elgamal, chief security advisor for business software provider Axway and one of the inventors of SSL. "Laptops have had hardware cryptography for years, but nobody uses it. New mobile phones have some innovative authentication features, but there is currently no standard interface between Web servers and the authentication features."

There are also easy steps that service providers and employers can take. As any security professional will tell you, your house doesn't have to be 100 percent impenetrable. That's an unrealistic goal. But if it's more secure than your neighbors' houses, you'll have a much lower risk of a break-in.

5 Things Consumers Should Do to Strengthen Passwords

Never share passwords with anyone, not even your spouse. Even if you trust the person completely, do you trust that they'll never be lured by a spear phishing attack that may have you as the actual target?

Don't reuse passwords, and rely only on strong passwords, meaning long passwords with numbers, capital letters and special characters. You can either develop mnemonic tricks to remember these, or use password management tools like 1Password or LastPass.

Turn on enhanced authentication and security when it's available. For instance, Facebook, Google and others offer enhanced security features, such as SMS notifications if an unknown device attempts to access your account.

Use tools you already have, such as time-outs and screen locks on mobile phones.

Pay attention to your social interactions. Be careful not to broadcast your date of birth, anniversary, name of your high school or other identifying factors that could allow hackers to pass through challenge questions.

5 Things Businesses Should Do to Strengthen Authentication

Have strong protections in place for any user credentials. At a minimum, passwords should be hashed (stored as a one-way digest rather than in plain text) and the databases encrypted. Better still, "salt" passwords by adding a unique random string to each one before hashing it, so that two users with the same password do not produce the same stored value.
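The hash-and-salt advice above, as an added example that is not part of the original article: each password gets its own random salt, the salt and iteration count are stored alongside the digest so they can be recovered at login time, and verification compares in constant time. The record layout and the PBKDF2 iteration count are assumptions chosen for this illustration, not values from the article.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example: PBKDF2-HMAC-SHA256 with a per-user
# 16-byte salt. The iteration count is an illustrative choice, not a figure
# from the article; tune it to your hardware.
HASH_NAME = "sha256"
ITERATIONS = 200_000
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: 'pbkdf2_<hash>$<iterations>$<salt_hex>$<digest_hex>'.

    A fresh random salt is drawn per call, so hashing the same password twice
    yields two different records (a salt may be passed explicitly for tests).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_BYTES
    )
    return f"pbkdf2_{HASH_NAME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the salt and iteration count stored in the record.

    Malformed records verify as False rather than raising, and the comparison
    uses hmac.compare_digest so timing does not leak how many bytes matched.
    """
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        if not algo.startswith("pbkdf2_"):
            return False
        hash_name = algo[len("pbkdf2_"):]
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(
        hash_name, password.encode("utf-8"), salt, rounds, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("right password:", verify_password("correct horse battery staple", stored))
    print("wrong password:", verify_password("Correct horse battery staple", stored))
```

Storing the algorithm name and iteration count in the record is what lets you raise the work factor later: new records use the new parameters, and old ones still verify until the user next logs in and can be re-hashed.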

Require that users create strong, long passwords.

Offer enhanced account protections, such as SMS warnings when a user's account is accessed from a suspect IP address or unknown device.
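One way to drive the "unknown device" warning described above, as an added example that is not from the article: replay successful login events per user, treat the first sighting of a user as enrolment, and raise an alert whenever a later successful login arrives from a device identifier or IP address that user has never used before. The JSON line format and the sample events are constructed for this illustration; a real deployment would read its own authentication log and hand the alerts to whatever sends the SMS.

```python
import json
from typing import Dict, List, Optional, Set

# Constructed sample authentication events (not from the article), one JSON
# object per line: user, source IP, a client-side device identifier, and
# whether the login succeeded.
SAMPLE_LOG = """
{"user": "alice", "ip": "198.51.100.7", "device_id": "dev-a1", "ok": true}
{"user": "alice", "ip": "198.51.100.7", "device_id": "dev-a1", "ok": true}
{"user": "alice", "ip": "203.0.113.9",  "device_id": "dev-zz", "ok": true}
{"user": "bob",   "ip": "192.0.2.44",   "device_id": "dev-b1", "ok": true}
{"user": "bob",   "ip": "192.0.2.44",   "device_id": "dev-b1", "ok": false}
{"user": "bob",   "ip": "192.0.2.44",   "device_id": "dev-b9", "ok": true}
"""

# Per-user history: {"devices": set of device ids, "ips": set of source IPs}
History = Dict[str, Dict[str, Set[str]]]


def find_unfamiliar_logins(log_text: str, history: Optional[History] = None) -> List[dict]:
    """Return one alert per successful login from a device or IP the user has not used before.

    `history` carries previously seen devices/IPs between runs and is updated in
    place; the first successful login ever seen for a user only enrols it.
    Failed attempts never enrol a device, so an attacker cannot "pre-register"
    a device by guessing wrongly.
    """
    if history is None:
        history = {}
    alerts = []
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        if not ev["ok"]:
            continue
        seen = history.setdefault(ev["user"], {"devices": set(), "ips": set()})
        first_sighting = not seen["devices"] and not seen["ips"]
        reasons = []
        if ev["device_id"] not in seen["devices"]:
            reasons.append("new device")
        if ev["ip"] not in seen["ips"]:
            reasons.append("new ip")
        if reasons and not first_sighting:
            alerts.append({
                "user": ev["user"],
                "device_id": ev["device_id"],
                "ip": ev["ip"],
                "reasons": reasons,
            })
        seen["devices"].add(ev["device_id"])
        seen["ips"].add(ev["ip"])
    return alerts


if __name__ == "__main__":
    for alert in find_unfamiliar_logins(SAMPLE_LOG):
        print(f"notify {alert['user']}: login from {alert['device_id']} "
              f"at {alert['ip']} ({', '.join(alert['reasons'])})")
```

Keying on both the device identifier and the IP address matters: a stolen session cookie replayed from the same device identifier still shows up as a new IP, while a fresh browser on the user's home connection shows up as a new device.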

Embrace multifactor authentication. If it is not a compulsory mechanism, at least start rolling it out in stages, starting with your most sensitive applications and highest-risk end users.

Conduct regular audits and security reviews.

Originally published on CIO.