Passwords Don't Secure Sh@t!

I often hear the term strong and secure when talking about passwords and this can have adverse affects on overall security. System Access Controls are often considered the first line of defense against cyber-attacks and hackers. The problem we face with using passwords for authentications are that passwords are often written down and shared with other. I have seen passwords left in desks, taped to monitors, and placed under the keyboard. When passwords are written down, security becomes fragile.

Even the strongest of passwords are considered weak. To strengthen the access controls over an IT system will require what is known as two-factor authentication or three-factor authentication. Authentication is based upon three known factors:

Something You Know – Like passwords, Pin numbers, or passphrases, which are considered the weakest of all the Authentication types. Passwords can be guess, brute forced, shared, stolen, or compromised.

Something You Have – Like smart cards, USB tokens, and key fobs, which can be lost, stolen, broken, shared, borrowed, or duplicated.

Something You Are – biometrics are types of authentication used; they include devices like fingerprints scans, voice scans, and retina/iris scans.

What is then meant by two-factor Authentication is the combination of using two types of authentication. An example would be passwords combined with key fobs or something similar to the Kronos Time System I currently use at work. Kronos requires employees to use a badge and the employee's finger print to clock in. Three-Factor would require all three and is considered the strongest.

So the next time you hear someone say they have a secure password, please let them know that passwords used for authentication is not considered secure. Secure is accomplished through two or three-factor authentication.

By: Joseph Dustin