Username & Password – Why Invite a Breach?

Justin Hulls, Nuvias incorporating Wick Hill PSM for HID Global.

We all lead busy lives, and it doesn’t look like that’s changing anytime soon. Technology’s great, and in many ways it’s made life easier, but have you ever stopped to think whether that’s really the case?

Everything is getting smarter and digital life is great, isn’t it? We communicate in an instant, everything’s so fast and right there at your fingertips. Both personally and professionally we access and absorb information at an incredible rate of knots – we pass it along, we contribute to it, sometimes sensitive and sometimes not. We manage our emails, our professional and social profiles, our bank accounts, our bills and countless other things online and we all get swept away in the sheer convenience of it all.

How many of us actually, and I mean ACTUALLY, stop for a brief moment to consider how secure all of this is? All these systems, applications, portals and networks we access on a daily basis, with all this sensitive information: how many of us stop to think, is this secure? My guess is not many.

How do the majority of us access this information? Who’s our gatekeeper standing at the door? I’m guessing in most cases it’s good old-fashioned username & password!

Did I say password, singular? If you’re like me, you have passwords for everything, and everyone’s password “rules” are different, making it harder and harder to remember them all. That said, most of us will always make the minimum of changes, keeping the basic password the same regardless.

As consumers we tend to be ignorant of the risks. We should know better, but we don’t. We’re creatures of habit, including security professionals such as myself. Why make things difficult for ourselves? What’s my password going to be? A child’s name, a favoured pet, other family members, a desired car, the list goes on. Shall I use a different password for something else? Not if I can avoid it; the usual one will do, and just in case I don’t remember, I’ll write it down. Remember the professional and personal profiles I mentioned? Well, chances are your password will be on one of them in some shape or form, waiting to be discovered.

But I am a consumer and it’s my information, my data, my embarrassment or misfortune if someone guesses my password and gains access to it. What I can’t get my head around is why commercial entities still give access to their networks and systems via their employees with a simple username & password login. I mean, sure, it’s their data, but in many cases it’s my personal information and data too. I can be reckless with it, that’s my right, but I sure don’t want anyone else doing the same!

Multi-factor authentication has been around for a while and we’ve all been using it for years. In fact, every time you go to the ATM you’re using strong authentication. The premise is simple: something you have (a debit or credit card) and something you know (your PIN). These two things combined give you access to your money. Would you feel as secure if you simply walked up to an ATM with a username and password?

I could bore or scare you with statistics at this point, but I won’t. Needless to say, you can look for information all over the web on this and they’ll all say the same thing: if you’ve had or are likely to have a data breach, then chances are it’s because someone’s password has been compromised.

Commercial authentication works the same as traditional ATMs. You have a token (something you have); with this you enter your PIN (something you know) and can generate a unique one-time password (OTP) whenever you log in. Simple, safe & secure, with a seamless user experience and one less password to remember.

Your authentication method can be almost anything you want it to be: hardware, software, card, biometric, etc. Implementation is straightforward and requires little or no more effort than issuing login passwords today. HID Global’s ActivID® Authentication Server is used by governments, enterprises and banks worldwide to secure access to critical infrastructure so organisations can stay ahead of an ever-changing threat landscape, without disrupting user workflow and productivity.

Solutions like HID ActivID Authentication Server come with a built-in help desk, meaning no more password requests.

In answer to my earlier question, technology does make life easier, and I’m sure most of us would agree (apart from having to remember all those passwords), but it also makes us more exposed and more accessible. Life has moved on and so should the username / password log on. When affordable, simple multi-factor technology exists, there really isn’t an excuse not to use it!

For information, please visit https://www.wickhill.com/products/vendors/detail/125/HID-Global