If you have any knowledge about IT and security you should know by now that a password, however strong it may be, is a weak form of authentication.
Doing passwords “right” means: make them complex, make them as long as possible and use a different password for every account you own. Have you ever counted how many accounts and codes you have to remember that way?
When I count my accounts and authentication pincodes I’m at 20 in an instant without even trying. When you’re an IT Pro that number goes up exponentially.
What happens when you’re facing an endless amount of passwords? You start compromising on these constraints:
- We make them easier to remember (Less complex or long)
- We reuse one password for multiple accounts
- We write them down
Even if we try to do it better and use a password manager to “securely” store “all” our passwords, we end up with a treasure chest that we usually unlock with one easy-to-remember password. We wouldn’t want to lose access to our password manager…
This isn’t to say that passwords are useless; they’re still the best first line of security we have for most services. But we need a more secure form of authentication to hold off a determined and skilled attacker.
So what can we do to make things easier on the user… “Single Sign On”.
We can make it so the user has fewer passwords to remember: one username and password, one identity, unlocks many services and applications. Doing passwords the right way then becomes far less difficult than it was when every service needed a separate account. The downside is that this one account is still vulnerable to a good phishing attack or a keylogger: whoever captures that single password gets everything behind it.
We need something extra, so that this password, which only we should know, is not the only “thing” that unlocks the data we want to protect. We need an extra form of authentication that identifies us as the right user. Multiple factors of authentication make it harder for an attacker to steal our identity.
There are 3 types of factors we can use to authenticate ourselves.
- Something you know (Knowledge Factors): Username/Password, Pincodes, Security Questions, …
- Something you have (Possession Factors): your phone (sms, phonecall, software generated token, notification approval), connected tokens, disconnected tokens, keycards, …
- Something you are (Inherent Factors): Biometrics (fingerprint, face recognition, retina scan, … )
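To show how a knowledge factor and a possession factor work together, here is an added example (my own code, not from the original post) of a login that checks a password and a software-generated token from the user’s phone, the TOTP codes of RFC 6238 that authenticator apps produce. The user record, the sample password and the “alice” account are constructed for the illustration; the secret `12345678901234567890` used in the comments is the published RFC test secret. The point it makes: a phished or keylogged password on its own no longer unlocks the account, and a code that was already used, or is too old, is rejected as well.

```python
"""Added example: password (something you know) + TOTP code (something you have).

RFC 4226 HOTP and RFC 6238 TOTP, implemented with the standard library only.
Sample users, passwords and timestamps below are constructed for illustration.
"""
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits.
    With the RFC test secret b"12345678901234567890", counter 0 gives "755224"."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time=None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time / step."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, code: str, at_time=None, step: int = 30,
                digits: int = 6, window: int = 1):
    """Return the time-step counter whose code matched, or None.

    `window` tolerates clock drift between phone and server (one step either
    side by default). Comparison is constant-time to avoid leaking digits."""
    if at_time is None:
        at_time = time.time()
    base = int(at_time) // step
    for delta in range(-window, window + 1):
        counter = base + delta
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; never store the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll(password: str) -> dict:
    """Create a user record: password hash plus a fresh 160-bit TOTP secret.
    The secret would be shown once to the user (QR code) to load into their app."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "totp_secret": secrets.token_bytes(20),
        "last_counter": -1,  # highest time-step already accepted (replay guard)
    }


def login(db: dict, username: str, password: str, code: str, at_time=None) -> bool:
    """Both factors must pass. A stolen password without the phone fails;
    a captured code fails once it has been used or once its window has passed."""
    user = db.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    counter = verify_totp(user["totp_secret"], code, at_time)
    # Reject a code from a time-step that was already accepted (replay).
    if counter is not None and counter <= user["last_counter"]:
        counter = None
    if not (pw_ok and counter is not None):
        return False
    user["last_counter"] = counter
    return True


if __name__ == "__main__":
    # Constructed demo: "alice" enrols, then logs in with password + current code.
    users = {"alice": enroll("correct horse battery staple")}
    now = time.time()
    code = totp(users["alice"]["totp_secret"], at_time=now)
    print("password + fresh code:", login(users, "alice", "correct horse battery staple", code, now))
    print("same code replayed:   ", login(users, "alice", "correct horse battery staple", code, now))
    print("password only (bad code):", login(users, "alice", "correct horse battery staple", "000000", now))
```

The replay guard (`last_counter`) is the check most home-grown TOTP verifiers forget: without it, a code captured by a phishing page stays valid for the whole drift window, so the attacker can log in right after the victim does.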
There are many more measures we can take on the path of strengthening your identity against attackers, but I think Single Sign On and Multi-Factor Authentication are a great start to make your data more secure.