Passwords and Protection

It’s 2014. Do You Know Where Your Data Is?

You have racks of servers and migrate data religiously to the cloud and off-site storage. Your IT staff builds a firewall and posts a guard. Your commitment to network security is unparalleled in the industry. That’s the good news. The bad news? Security is always about the weakest link.

Studies suggest that even in the dark ages before tablets and smartphones, more than 60% of your core data was housed on or readily accessible through the personal computers and laptops of your employees, machines that exist in the world beyond your walls, in coffee shops and carpools, hotel lobbies and airport lounges. Imagine how that number has expanded now that we all have exponentially more computing power in the palm of our hands. Your data is everywhere. Are you using protection?

Open Sesame

A system of passwords and personal identification numbers (PINs) has evolved over the years to be the dominant security tool, used by the masses to guard against unauthorized access to protected data. Turns out, though, that the masses aren’t nearly as creative with passwords as one might assume. In 2009, a breach of RockYou.com, a publisher of Facebook games, opened Pandora’s Box when the site’s 32,603,388 user names and plaintext passwords were made public. Despite the encouragement to create strong passwords that mix symbols with letters and numbers, more than 1% of the accounts used password, 123456, 12345678, or qwerty to open the magic door.

With passwords, we are probably all guilty at times of lacking imagination. And even when we assemble the perfect password, we often have to write it down and stick it to the monitor to remember it. So we turn to password management software like LastPass, which generates strong, discrete passwords for each of our accounts and keeps them safe in a vault that is, itself, password protected. So the problem is not eliminated as much as it is simplified.

A More Authentic Security?

The vulnerability of password protection is ushering in a new approach. Multi-factor authentication (MFA or 2FA) requires presentation of at least two of three authentication factors: something a user knows, something a user has, and something a user is. Among the first to popularize this newest trend in access security, Google Authenticator provides time-sensitive codes or tokens through SMS. The user knows the password and has the phone of record for the SMS. Prompted by each account, the user enters the code within the time allowed and gains entry. The result is a more dynamic level of security than that offered by passwords alone.

Protection in your Wallet

Now that currency follows everything else into the digital realm, wallets are slimmer, their contents more visible to the world, mainly because smartphones are rapidly replacing them. As you send your data out into the world in what seems like an everlasting prom night, encourage your users to keep some protection in those phone wallets. Passwords if they must, 2FA if they will. That’s your only data, after all. It means the world to you and should be returned to you safely, not too happy and not too sad. Make sure they know you’ll be waiting up.
