Categories
Casserly Consulting Blog

Do You Use 2FA? If So, You’re in the Minority


Two-factor authentication, also known as 2FA, is a very beneficial addition to consider for your cybersecurity. However, a research study unearthed a few surprising takeaways that indicate that 2FA may not be adopted as much as one might expect it to be.

Researchers at Duo Labs, using data compiled by Survey Sampling International, designed a survey that would mimic the patterns that could potentially be seen in different regions concerning the adoption rate of 2FA. The results of this survey were striking, as they revealed that only 28% of those surveyed–designed to match up to the entirety of the US population–had adopted 2FA. Over half of the participants had never even heard of 2FA before the survey was administered.

The researchers were also surprised to find that, of those who knew about 2FA, 54% were voluntary adopters, and only 20.8% had been introduced to 2FA in their work environments. However, reflecting upon the number of applications and services that now prompt users to set up some form of 2FA, this is hardly surprising. Yet despite the relatively high number of voluntary adopters, less than half of these respondents used 2FA wherever they could.

However, there were a few results that showed a bit more hope for the utilization of 2FA. First of all, an analysis of the state of 2FA that compares the authentication options in 2010 to those in 2017 shows that more people are relying on more secure methods. For instance, the use of hard tokens (or a physical device used to confirm the bearer’s identity) decreased by half in the span of time the analysis covered. This indicates an increased awareness of the potential security risks that a hard token presents–all it would take is for one of these tokens to be lost or stolen to render 2FA ineffective.

The real takeaway from the results of this research is an insight into user behavior. Namely, convenience and simplicity were important factors when a user formed an opinion of the different approaches to authentication. This helped to contribute to security tokens being ranked as the most trustworthy form of 2FA by 84% of respondents. While there was an awareness that these tokens had their issues (including the risk of losing them, as referenced above) there was still a demonstrated trust in their reliability.

Despite all this, the sad truth persists that too few people are utilizing 2FA to secure their personal and business devices. With any luck, this will change in the near future, as network security has been thrust further into the public consciousness due to the repeated breaches and attacks that have made headlines as businesses rely more heavily on computing resources.

Do you have 2FA in place to protect your business resources? For help implementing it and other crucial security measures, reach out to COMPANYNAME at PHONENUMBER.


5 Security Analogies to Help You Better Understand Hacking


How often do you read a blog article about network security only to be blown away by all of the overly complicated and confusing jargon of the industry? We know that it’s not necessarily your specialty, but it’s still important that you understand how network security works for your organization. While the complicated details should be left to IT professionals, we can help you better understand the general idea of security by comparing it to a locked door.

Brute Force Attacks
Let’s say that a robber wants to break into your home. He will try to go through a door, but he might not have the keys required to get in. In this case, he will have to use everything at his disposal to get in. He might try to kick the door down or smash a window. In other words, he’s getting into your house by brute force.

Brute force in computing can consist of a hacker trying to use as many passwords as possible in a short period of time to get in. There are programs that can randomly generate countless passwords in seconds, making this method of attack quite devastating when it’s effective.

Social Engineering
Let’s say that you have a new neighbor on your street. They ask you over for dinner and you get to know them. You feel like you are getting along with them quite well–well enough to trust them to water your plants while you’re out of the state on vacation for a few weeks. You give them a key, but when you come home, all of the plants are dead and you’re missing some furniture or technology. Yup, they’ve robbed you–you’re sure of it.

Social engineering takes a calculated approach to hacking and data theft. Hackers will make personalized attempts to steal your passwords and information by taking on the identity of someone you think you can trust with this information, like an “old friend” or “your elderly grandmother.”

Security Exploits
Robbers may try to find weak points in your front door. Maybe the door doesn’t quite lock all the way due to a defect in the manufacturing process. In this case, the robber may research what the weak points of the door are so that they can know the best and most efficient way of getting past your defenses.

Security exploits are weaknesses in software on your computer that allow hackers to sneak into your system and get into all sorts of trouble. These can range from weaknesses in the way that sensitive information is handled, to particular lines of code that create problems for your organization. Ultimately, it only takes a single crack in your defenses–a security exploit–to allow a hacker into your infrastructure.

Trojan Horse
Someone might knock on your door and tell you that something within your household is in need of repair. Maybe they know that you have a leaky faucet that needs to be addressed, or they know that you have some concerns about your furnace. They are then invited into your home and go about their business. You may then notice that you’re missing important items afterward, hinting that the off-the-street good Samaritan was, in reality, a scammer.

Trojans work like this in many ways. Just like the Greek horse of old, a Trojan sneaks onto your system and plants a backdoor, allowing for secret re-entry at a later date. Oftentimes, a Trojan will use a larger data breach to mask its presence, and then continue to steal information in small doses as time goes on.

Two-Factor Authentication
Two locks are better than one in most circumstances. For example, you can have one lock on the doorknob and another on the deadbolt, which keeps the door fastened in place even if the door is forced open near the doorknob. Basically, having two types of locks makes it twice as hard to get to anything of value.

Two-factor authentication can be used to provide this secondary credential to your digital assets, including online accounts or network logins. A secondary code can be sent to an email address or mobile device, which allows your employees to access important information only when both of these are present.

Does your organization need help with network security? COMPANYNAME can help. To learn more, reach out to us at PHONENUMBER.


Boosting Your Security Only Takes Another Layer of Authentication


Data breaches are so common nowadays that you’re lucky not to see one in the breaking news section of any news outlet. How is your business preparing for the inevitable data breach of intellectual property and sensitive information? You need to start considering preventative measures, like two-factor authentication, to keep your data secure.

The main issue that two-factor authentication can solve is the decreasing amount of security provided by passwords. Technology has become so advanced that even complex passwords that maximize security can be cracked under the right conditions. Users tend to use easy-to-remember passwords which come with their own set of complications, so we’ll talk about ways that your organization can use two-factor authentication to solve common password troubles.

It’s a best practice to change your password every so often, and users might scratch their heads at how to remember some of these more complex passwords. Passwords should be at least 12 characters long, and must use special characters, upper and lower-case letters, numbers, and symbols. All of this must be done in a seemingly random string of characters, but users might try to use these characters in a way which makes it easier to remember. In fact, they may just use a password for another account, or one that includes information from a social media account, like the name of their dog or first-born child.

Generally speaking, it’s best to keep information that could easily be found in public records out of your password fields. This includes the names of your children, parents, or other important individuals, as well as any information that you store on your social media accounts, like your favorite TV show or movie. Hackers have more tools than ever before to find out all sorts of information about you, so you have to be very careful about how you use this information in passwords. Plus, there’s always the chance that you’ll use this information for security questions, which doesn’t do you any favors when hackers can just find the information at their own leisure.
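The rules from the two paragraphs above (at least 12 characters, mixed character types, no personal details, no reuse) can be expressed as a single check. This is an added example, not code from the original post; the function name, the look-alike substitution table and the sample inputs in the usage are assumptions made for illustration.

```python
import string

# Common look-alike substitutions, undone before searching for personal details
# (assumed table for illustration; not exhaustive).
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                             "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def password_problems(password, personal_details=(), previous_passwords=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "upper-case letter": string.ascii_uppercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Personal details (pet, child, favourite show) are matched case-insensitively
    # and after undoing look-alike substitutions, so "B3LL4" still counts as "Bella".
    folded = password.lower()
    normalised = folded.translate(_LOOKALIKES)
    for detail in personal_details:
        token = detail.lower().replace(" ", "")
        if len(token) >= 3 and (token in folded or token in normalised):
            problems.append(f"contains personal detail: {detail}")
    # previous_passwords is a constructed stand-in for "already used elsewhere";
    # a real system would not hold other accounts' passwords in plain text.
    if password in previous_passwords:
        problems.append("already used for another account")
    return problems
```

Calling `password_problems("Fluffy2015!", personal_details=("Fluffy",))` reports both the short length and the pet name, which is the pattern the post warns about.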

Although password managers do make passwords easier to remember, the primary problem with them remains the same. If a hacker can find out what that password is, they can access all of your accounts easily enough. Two-factor authentication makes things much more difficult for a hacker, requiring that they have a secondary credential to access any account associated with it. This acts as a secondary security level, and it’s one that requires the use of a mobile device, email account, or other access method. It’s a great way to take full advantage of next-level security, and since it’s easy to set up, you can do it quickly and efficiently.

Do you want to take full advantage of two-factor authentication? For more information about personal and network security, call us today at PHONENUMBER.

Categories
Security

Helpful Suggestions to Improve Password Security

Passwords are important for any online account (and for most accounts in general). Sometimes they might feel like inconveniences, but it’s crucial to remember that these passwords are often the first line of defense, if not the only line of defense, that stands between your data and hackers. We’ll discuss ways that you can augment password security with other powerful measures.

There are two major ways that you can improve password security: two-factor authentication and password managers.

Two-Factor Authentication
2FA provides organizations and users with secondary credentials that can protect their network or online accounts. This type of protection can come in the form of an SMS message, a phone call, or an email sending you a secondary credential. You then enter this code into the app or service, and since you know without a doubt that only you could have access to this code, you can practically guarantee that you’re the only one accessing your account.

Basically, the biggest way this helps your organization is by making it as hard as possible for hackers to infiltrate your network and company accounts. When you involve devices like smartphones with two-factor authentication, you make it much more difficult for hackers, as they would need access to two different devices rather than just one. Reach out to COMPANYNAME and ask us about our two-factor authentication solutions.

Password Managers
A good password is often long and complex, consisting of several different types of characters, numbers, and letters. As you might expect, these types of passwords are rather difficult to remember. Plus, since you can’t (or shouldn’t) use the same password for multiple accounts, you can easily use the password for another account by accident, eventually leading to an account lockout. This is both frustrating and unnecessary. Alternatively, you can keep track of your passwords using a password manager, allowing you to use complex passwords without any problems.

An enterprise-level password manager from COMPANYNAME can allow your organization to take advantage of complex passwords. Your passwords are stored in a secure encrypted database that shields them from hackers. Furthermore, you only pull the passwords as they are needed. There’s no better way to take advantage of complex passwords, as the password manager will keep track of multiple account credentials without you having to remember them.

COMPANYNAME can help your business with all of its password managing needs. To learn more, reach out to us at PHONENUMBER.