Page 82 - Cyber Warnings







any benefit to security and may even create a less secure environment for the previously stated
reasons.

What should be done?

Organizations must encourage users to make an effort to create strong passwords that they will
be able to use for a longer period. This policy, in combination with periodic security awareness
training, well-chosen salts, and limited login attempts, will help to increase password-level
security.
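The following sketch is an added illustration, not part of the original article, of the two technical controls named above: a unique random salt per stored password and a limit on failed login attempts. The class name, iteration count, attempt limit and lockout window are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 200_000     # assumed PBKDF2 work factor; tune for your hardware
MAX_ATTEMPTS = 5         # assumed number of failures before lockout
LOCKOUT_SECONDS = 900    # assumed lockout window (15 minutes)


class Authenticator:
    """In-memory sketch: salted password hashes plus per-account attempt limiting."""

    def __init__(self, clock=time.monotonic):
        self._users = {}     # username -> (salt, derived_key)
        self._failures = {}  # username -> (failure_count, locked_until)
        self._clock = clock

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, username, password):
        # A fresh random salt per user means identical passwords never
        # produce identical stored hashes.
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._derive(password, salt))

    def login(self, username, password):
        now = self._clock()
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"  # rejected without even checking the password
        # Unknown users are checked against a dummy record so the response
        # time does not reveal whether the account exists.
        salt, expected = self._users.get(username, (b"\0" * 16, b"\0" * 32))
        matches = hmac.compare_digest(self._derive(password, salt), expected)
        if matches and username in self._users:
            self._failures.pop(username, None)
            return "ok"
        count += 1
        if count >= MAX_ATTEMPTS:
            # Start the lockout and reset the counter for the next window.
            self._failures[username] = (0, now + LOCKOUT_SECONDS)
        else:
            self._failures[username] = (count, 0.0)
        return "denied"
```

A production system would persist both tables and bound the failure table's size; the lockout logic is otherwise the same.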

However, the gold standard that companies should establish, especially if the enterprise
maintains sensitive data, is to implement either biometrics or multi-factor authentication.

For example, there are some token generators that provide “three-factor” authentication
(username, password and token code). Some systems might even require you to answer some
pre-negotiated questions or select a specific photo from a group of images. These add an extra
layer of security to the user accounts.

I believe it is crucial to find the balance between convenience and keeping corporate information
secure. In that respect, multi-factor authentication seems to be the best approach moving
forward. Experts like to rant about how the end-users are the weakest component of enterprise
security. But, with MFA becoming as ubiquitous as tweeting for millennials, this mechanism is
already at the user’s fingertips.

Recently, even Apple has sent out friendly reminders encouraging its users to enable 2FA to
provide an extra layer of security for its iCloud data as well as for all other devices. Thus,
comparing the convenience of the standard username and password with multi-factor
authentication methods, the latter seems to prevail.

Ergo, organizations should ruminate about the pros and cons of mandatory password changes
and then consider making calculated, user-centered changes to their password policies instead
of forcing their employees to constantly change their login passwords.


About The Author
Sarosh Petkar is a BS/MS student of the RIT Computing Security
department. He is on his way to Mountain View, CA for a summer internship
with Veritas and has previously worked with Covermymeds in Columbus,
OH. His interests include reverse engineering, network security and
cryptography.

Sarosh Petkar can be reached online at [email protected]





82 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
