Since the dawn of the Internet, security has been constantly improving to stay ahead of the curve against hackers. From implementing passwords to encrypting communications, we have made the web a much safer place, but the one thing we have yet to fix is our reliance on the password.
People are constantly reminded about password security: how you shouldn’t reuse the same password on multiple sites, along with other well-known password security practices. We have also heard our fair share of website databases being hacked, and from the early days of plaintext password storage to the new and improved salted hash, we still find ourselves in a constant war with hackers over passwords.
Some of the most common ways passwords get stolen:
Shoulder surfing – looking over someone’s shoulder while they type their password
Android’s useful but also very exposing keyboard
The list can go on. While a majority of users are relatively safe from the prying eyes of hackers, there is one special group of users whose passwords are the most sought after: computer and network administrators. Their passwords allow them access into the deepest and most sensitive locations inside a company’s network. These are the keys to the kingdom, and it should come as no surprise that hackers will try every known trick in the book to get their hands on them.
Unfortunately, just like some stubborn users, administrators are also prone to the logical fallacy that if you generate a super secure password you are automatically safe from the usual password threats, but that is far from the truth. A strong password is just one of many tools available to users and administrators alike, and it should not be the only thing standing between you and hackers. By utilizing multiple factors of authentication you significantly raise the bar for wannabe hackers to log in to your account.
Multiple factors of authentication usually work like this:
Password – Something you know
Biometrics – Something you are (fingerprints, iris, voice)
Security Key – Something you have
By increasing the level of security of any system, you inherently make that system less accessible in terms of how quickly you can get into it. It is important to find a balance that you deem acceptable.
According to news coming out of Google, not a single employee has been the victim of spear phishing attacks thanks to the use of a small security device called a security key. Security keys are devices that plug into your computer and provide a secure method of authenticating a user (typically by using public key cryptography). Yubikey, which manufactures well-known and industry-trusted keys, has written a comprehensive guide on how it works, which can be found here (https://www.yubico.com/why-yubico/how-yubikey-works/)
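The public-key login mentioned above, as an added sketch that is not from the original post or from the vendor's guide: a simplified challenge-response in Node.js in which the key signs the server's one-time challenge together with the site origin, so a look-alike site or a replayed signature gets nothing usable. It assumes an origin-bound model and is not the real FIDO/U2F message format; the `SecurityKey` and `Server` classes and both origins are hypothetical.

```javascript
// Added illustration: simplified challenge-response, NOT the real FIDO/U2F wire format.
const nodeCrypto = require('node:crypto');

// Hypothetical security key: holds one private key per site origin.
class SecurityKey {
  constructor() { this.keys = new Map(); }
  // Registration: create a key pair for this origin and hand out only the public key.
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey;
  }
  // Login: sign the server challenge together with the origin the browser reports.
  sign(origin, challenge) {
    const privateKey = this.keys.get(origin);
    if (!privateKey) return null; // the key was never registered with this origin
    const message = Buffer.concat([Buffer.from(origin + '\n'), challenge]);
    return nodeCrypto.sign(null, message, privateKey);
  }
}

// Hypothetical server: stores the public key and issues random one-time challenges.
class Server {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = null; }
  enroll(publicKey) { this.publicKey = publicKey; }
  newChallenge() { this.pending = nodeCrypto.randomBytes(32); return this.pending; }
  verify(signature) {
    if (!this.pending || !signature) return false;
    const message = Buffer.concat([Buffer.from(this.origin + '\n'), this.pending]);
    this.pending = null; // each challenge is single use, so replays fail
    return nodeCrypto.verify(null, message, this.publicKey, signature);
  }
}

// Constructed scenario: a real site and a look-alike origin (both made up).
function demo() {
  const REAL = 'https://login.example.com', FAKE = 'https://login-example.test';
  const key = new SecurityKey(), server = new Server(REAL);
  server.enroll(key.register(REAL));
  const genuine = server.verify(key.sign(REAL, server.newChallenge()));
  // Look-alike page forwards a real challenge, but the browser reports FAKE as the origin.
  const relayed = server.verify(key.sign(FAKE, server.newChallenge()));
  // Replay: a signature captured for one challenge is useless against the next one.
  const old = key.sign(REAL, server.newChallenge());
  const first = server.verify(old);
  server.newChallenge();
  const replayed = server.verify(old);
  return { genuine, relayed, first, replayed };
}
```

Unlike a password, nothing the user could type into the look-alike page is reusable: the private key never leaves the device, and each signature is tied to one origin and one challenge.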
Yubikey offers what is called a “security key”, which is a simple blue key that can be used to secure accounts on the web for a remarkable $20. It is the most cost-effective and easiest way to get started with protecting your online accounts. They also offer more complex keys that feature NFC for use with mobile devices, as well as support for importing other security-related data like passwords, OpenPGP, one-time keys, and even smart cards.
I hope I have at least convinced you to go out and try it for yourself. Worst case you’re out $20, but I’m certain that once you’ve seen the benefits yourself you will even consider doubling up your password with these wonderful devices.