Why are too many systems falling foul of cyber-attacks? Why do consumers fall foul of same so easily online? Some of these reasons are bound up with technology and the approach that many take with regards to their cybersecurity credentials. This includes weaknesses around password setting, and the need for more sophisticated forms of authentication.
To gain a better insight into why good password management is essential, Digital Journal asked Mathew Newfield, Chief Security and Infrastructure Officer for Unisys, for ideas as to how to create more secure passwords.
Newfield says there are some basic good practice points that can be adopted, beginning with how the password is conceptualized: “It is important to change default password and to start using passphrases of significant strength – greater than eight characters – with at least three of the following four characteristics: uppercase, lowercase, number, special character. Do not use words or deviations of words as passwords.”
But is the password in itself sufficient? Newfield also stresses the use of multi-factor authentication for personal security.
“Multi-factor authentication, or MFA, is not just for businesses. If you’ve ever had to use a verification code, texted to your cell phone, to log into a personal bank or credit card account, you’re at least vaguely familiar with the concept of two-factor or multi-factor authentication.”
Multi-factor authentication refers to a digital-based authentication process designed to provide a user to access to a website or application, provided they have bene given access permission. To boost security, access is only given once the user has successfully presented two or more pieces of evidence to an authentication mechanism.
The principles upon which MFA is based are: Knowledge, possession, and inherence. Exactly what falls under these categories can be confusing. For instance, if a user memorizes a swiping path on their device, this does not count as an inherence element. However, it can be used to represent the knowledge element.
With the latter point, this refers to metrics intrinsically owned by an individual, such as an retinal scan or a finger-print to unlick a data source (drawing on biometrics). With possession, this could represent a token and with knowledge this relates to facts that only users would know about themselves, or the application of a learned password or PIN.
Newfield looks at the range of options open to consumers: “Today, consumers can choose from additional authentication choices, as many apps offer MFA options. In this instance, consumers have the option of setting up voice or facial recognition-based access or to receive push notifications if a new or unauthorized login is detected.”
