In today’s blog post, we are once again focusing on the topic of passwords and security: After all, password-based login is still the most frequently used method of authentication. But logging in with a password is also a bit antiquated; there are alternatives – or at least ways to additionally secure logins. After reading the article, you will be able to distinguish between weak and strong passwords, you will know modern alternatives to passwords and you will know how to efficiently secure access.
Caution Required: Password And Security
A large number of passwords are required both privately and for business, be it for logging into social networks or accessing the intranet: no one can avoid login credentials. For password-based logins it is important not only to choose the password sensibly, but also to check it at regular intervals: on the one hand, whether the password was chosen securely and, on the other hand, whether it could be compromised.
Password managers or online tools are suitable for this; however, choose wisely: in the worst case, you will end up on a phishing site and pass your password directly to cyber criminals.
Passwords: One For All Or Password Manager?
You’ve followed all the tips and chosen a long, complex password – but it’s hard to remember. Wouldn’t it make sense to use this secure password for all services? Unfortunately not: If your password gets into the hands of cybercriminals, all accounts for which you use this password are at risk. Therefore, a golden rule when dealing with passwords is: use a separate one for each service!
That adds up to a lot of passwords. Password managers exist to keep track of this password jungle. Efficiently secured with a master password and, ideally, additional factors, the password manager becomes your digital password brain. Many password managers also allow checking password security. We introduced you to some managers in the article on password security linked above. Companies in particular benefit from password managers: passwords can be shared individually, depending on who is responsible for them.
By the way: While the opinion used to be that one should change the password at regular intervals, this has now been rethought. Critics were convinced that constant password changes tempted people to choose rather weak passwords. Instead, the rule today is that a really complex password can and should be used until it is eventually compromised.
Password And Security: Are Passwords Still Relevant?
There are numerous methods of authentication. The password is one of them, but not necessarily the most secure; at least not if it is not supplemented. Two-factor and multi-factor authentication are ideal for this: with one or more additional factors, further authentication steps are necessary after the password has been entered. You can find examples and more information on this in our articles on two-factor and multi-factor authentication.
Password-free login is possible with FIDO2 – we have already reported on this in detail. A few weeks ago, the FIDO sign-in was on everyone’s lips again: corporations such as Microsoft, Apple and Google want to abolish passwords together with the FIDO Alliance. According to announcements, Google would like to implement FIDO technology in its own products Chrome, ChromeOS and Android; Apple and Microsoft also want to make their platforms FIDO-ready.
Hackers Are Getting Fitter: Cracking Passwords Is Becoming Faster And Faster
A study by the US software provider Hive Systems shows that hackers are cracking passwords faster and faster, putting the conventional password login method at risk: in 2020 it still took eight hours to crack a complex eight-character password, but hackers can do it today in under an hour.
Overall, the choice of login method and the generation of passwords must be rethought: Ideally, passwords are the first line of defense against cybercriminals. It is therefore worth using complex passwords – with significantly more than eight characters. With 16 characters you are well served if you wildly combine numbers, upper and lower case letters and special characters. But even then, you make it harder for cybercriminals if you add additional lines of defense on top: Multiple factors, such as biometrics or hardware tokens. However, combine them cleverly, because multifactor authentication does not always protect as desired.
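The length and character-mix advice above can be turned into a small check. The following is an added example, not part of the original article: the guess rate and the common-password sample are assumptions made for illustration, and the keyspace figure is an upper bound that only holds for randomly generated passwords.

```python
import math
import string

# Constructed sample list; the article itself names "123456" and "password".
COMMON = {"123456", "password", "qwerty", "111111"}

# Assumed offline guessing speed (guesses per second). Illustrative only,
# not a figure from the Hive Systems study.
ASSUMED_GUESSES_PER_SECOND = 1e11

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that occur in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def keyspace_bits(password):
    """log2 of alphabet**length, counting only the classes actually used.
    Characters outside the four classes above are ignored (conservative)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to exhaust the whole keyspace at the assumed guess rate."""
    return 2 ** keyspace_bits(password) / rate

def assess(password, min_length=16):
    """Return a list of findings; an empty list means the advice is met."""
    findings = []
    if password.lower() in COMMON:
        findings.append("appears in common-password list")
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    missing = set(CLASSES) - classes_used(password)
    if missing:
        findings.append("missing character classes: " + ", ".join(sorted(missing)))
    return findings

if __name__ == "__main__":
    # Constructed sample passwords for demonstration only.
    for pw in ("123456", "k7#Vq2!m", "k7#Vq2!mZp9$Lw4&"):
        print(pw, round(keyspace_bits(pw), 1), assess(pw))
```

Doubling the length from 8 to 16 mixed characters roughly doubles the bit count, which multiplies the exhaustive-search effort by the full size of the 8-character keyspace rather than by two.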
Passwordless Multifactor Authentication
There are three processes involved in logging in: the user presents proof of identity, authentication checks that proof, and authorization grants certain rights. If the login process is to take place without a password, the major challenge lies in the area of identity verification, i.e. authentication. There are solutions for this:
Biometric methods, for example, are very popular. Whether face ID or fingerprint on the smartphone: Such methods are used a lot today.
Password And Security: Complexity Is Required!
Passwords like “123456” or “password” still top the lists of the most popular passwords – and also the most insecure. It makes sense to perceive passwords as the first line of defense against cybercriminals. If you do not want to switch to passwordless login, make sure that your password is sufficiently complex. Protect it additionally with two-factor or multi-factor authentication and check the security of your passwords at regular intervals.