The Latest

Why Identity Management Needs to go Beyond Passwords

September 27, 2019

Identity management that reliably and securely authenticates users on your systems is a must for organizations in this day and age. If you don’t have a strong approach, you make yourself vulnerable, exposed and a target for hackers.

Why Identity Management Needs to go Beyond Passwords

Why you can’t rely on passwords alone

Identity management that goes beyond just a password is what is needed. If you rely on passwords alone, you have a security system that can easily be exploited. That’s because passwords are not intrinsically linked to their user. If your password is discovered, it can easily be used to login to your account.

So many breaches still happen because one person’s password is exposed, or even because one person’s password security practice is lapsed. It’s frustrating that a whole organization can be infiltrated because of a weak password.

Former hacker, Milliken, who served a 17-month sentence, in a recent interview said that passwords security was the main weakness he exposed. He said:

“The reuse of login credentials in my opinion is the greatest security flaw that we have today. When I was hacking, I had my own personal collection of databases that I could easily search for a company’s email and parse all of the data. It only takes one employee to reuse the same password to have potential access to hack everything that you’re looking for.”

Milliken went on to explain that it is not always re-used passwords that are a problem, but reused patterns. You have a problem if all you’re doing is tweaking your passwords slightly for different accounts. If your Twitter password is “TwitSafeWord”, and your Facebook password is just a slightly altered version like “FaceSafeWord”, you’re in trouble. Hackers will figure out simple patterns.

Identity management with multi-factor authentication

The security of a password system relies on everyone in your organization being clued up and diligent with their password security. That’s a big ask and difficult to encourage.

If organizations opt for identity management wwith multi-factor authentication, you can remove the reliance on users. Biometric fingerprints give employees a unique secure authentication rather than asking them to come up with another complicated password they have to manage alongside the many they already have.

Adding a fingerprint element alongside a password immediately elevates your log-in procedures and improves security. Unlike a password, only you and you alone can use your fingerprint. It can’t be shared, lost or phished in the same way as a password. A password and fingerprint combines something you know and something you are to safeguard your data. If you then add something you own, like a device, or smartcard, you create a strong identity management system that relies on three different identity authentications.

Multi-factor authentication is the true path to stronger log-in procedures and what we advocate here at Global Data Sentinel. Take the steps today to secure your organization and make breaching impossible.