Today the threat to our digital security is high – with the pandemic causing a rush to online services the hackers know there are many prime targets out there putting their credit card details and other PII into computer systems (ICO, 2021) so it is worth their effort to see who is not taking steps for good security.
If you are here to find out what the current thinking on “the best” password is – then please google and you will find lots of articles about that. Here I am going to discuss what lies beyond a “good password”.
Multi-Factor Authentication – MFA
The role of a good password is to prove who you are. It is the second of a two part key, the first probably being your email address, which is also probably public domain information. If the password is compromised then anyone can be you. If you do not realise this has happened then anyone can continue to be you.
If you use a unique password for EVERY service then you have only lost control of a single system. Hence do not duplicate your passwords.
Now this is where multi-factor authentication comes in. MFA apps generate a one-time-password (OTP) that is sent directly to your smartphone. You will use this OTP to login – the attackers will not have access to the OTP so you are protected even if they have your password. If you get an OTP notification you are not expecting, you are alerted to the fact that your email may have been compromised and you should take action.
Is it a good process – well the American military use it to protect their nuclear strike capability (Tom Scott, 2020). I use MFA (sometimes called 2FA) wherever and whenever I can to protect my identity. At Octagon everyone has to use the Microsoft Authenticator app (other companies produce similar apps) and MFA to access the company information.
Why MFA?
Biometrics
A further part of MFA is biometrics, using your physical features (usually face and or fingerprints) as part of the security process – it has it ups and downs – but it is something the attackers cannot steal (unless of course they have a fresh fingerprint, from a clean glass, silicon glove, some cyanoacrylate and a glass box – source many Hollywood movies). Biometrics is a security barrier between you and anyone who may have unauthorised access to your smartphone – my iPhone has face recognition to open it and the Microsoft Authenticator app requires face recognition security several times during the authentication process.
I also use biometric security on my laptop – I have activated both face and fingerprint scanners.
If your Windows PC does not have biometrics, then set up a PIN code – so you are not typing in your valuable (and vulnerable) Microsoft password each time you log into your computer.
Conclusion
Make sure you enable all of these extra security measures whenever they are available to strengthen your password defences.
p.s. I have been told I must tell you how to make a strong password – so have a look at this – xkcd: Password Strength – I regularly use this technique in my security seminars.
References:
ICO, 2021 – What is personal data? | ICO
Tom Scott, 2020 – Why You Should Turn On Two Factor Authentication – YouTube
Microsoft Authenticator App (all platforms) – Microsoft Authenticator – Securely Access & Manage Your Online Accounts
Clive
Clive is the CIO at Octagon Technology with special responsibility for data privacy and security. The world of business technology is constantly changing and to meet this challenge he recently graduated from Edinburgh Napier University with an MSc in Advanced Computer Security and Digital Forensics. His dissertation was on data privacy in small businesses using Microsoft 365 for business.
The degree is not the end of the studying – to keep current Clive spends some of his time at work simply reading and studying the latest technology trends and threats so our clients can benefit from this knowledge. This knowledge also shapes and supports the products and services our people deliver to the clients.
To fully use Clive’s new Master’s degree in Computer Security, Clive and Diana have a joint venture with an international research company to get access for our clients to up to date information, schemas, analytics, templates, actionable tools and guidance. Whatever the size of your organisation if you are not approaching IT, security and privacy in a way that supports and benefits you, they can help, from the boardroom to the shop floor.
If you would like to discuss any of these matters with Clive, email me at kamila@octagontech.com and I will organise a video meeting for you. He will be happy to answer questions about your particular issues.
Kamila
General Manager