Passwords. The Pros, The Cons, The Alternatives.

Password Security

Enter your username and password. The format has been around for ages, and is so commonplace now that password fatigue is a real thing. The end result is that the same username and password combination -- or variations on the same theme, because that seemed enough at the time -- is repeated and propagated across different sites and applications for years. The risk associated with sticking to that habit has grown immensely with the ever-increasing number of data breaches, and now, more than ever, the approach to passwords has to change.

Some have argued that passwords are dying or are even dead already, and need to be eliminated entirely. Unfortunately, while those arguments are valid, they remain aspirational, and the password as we know it isn't going anywhere anytime soon.

So we need to improve how we use and approach the password. Below we explore 5 ways to help you protect your applications, reset and create tough passwords, and leverage password alternatives.

If you need a password, switch to a passphrase

The more complex you make a password, the more secure it theoretically becomes. This has been the thinking behind every security standard and password policy requirement for years. The usual password policy requires 8 characters, mix-case, a number, and a special character.

This artificial requirement can have a few negative outcomes, though. It also means that meeting the requirements does not make a password secure.

Users want to use a password they can actually remember (or they write them down), which means repetitious patterns and sequences based upon common words. Sorry, but while it might meet the requirements, Password1$ is not a secure password.

Users also tend to use similar patterns of words, characters, and placement. We know this thanks to the massive data breaches over the years. This means attackers can use a dictionary of passwords based upon past breach data, add a couple of simple rules to modify them based upon known password habits, and easily compromise accounts.

A better approach is to use a passphrase, or a group of unassociated words. This doesn't mean choosing a line of dialogue or a line from your favourite poem: sorry, but "Twas brillig, and the slithy toves", while nonsense, is a known phrase. Instead, choose four words and make up a story, or whatever would help you remember it.
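The checks below show how a registration form can reject exactly the passwords this section warns about: breached words, their mangled variants (the "simple rules" attackers apply) and well-known phrases, while letting a passphrase of unassociated words through. This is an added example, not code from the original post or from Bitium; the breach set and phrase list are tiny constructed samples standing in for a real breach corpus.

```python
import re

# Constructed sample of passwords seen in past breaches (stand-in for a real
# breach-derived list, which would be millions of entries).
BREACHED = {"password", "letmein", "qwerty", "123456", "iloveyou", "dragon"}

# Memorable phrases people reach for, lowercased with punctuation stripped.
# Constructed sample; a real list would be far larger.
KNOWN_PHRASES = {"twas brillig and the slithy toves"}

# Substitutions that password-guessing rules undo; we undo the same ones so
# that Pa$$w0rd is recognised as the breached word "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(candidate: str) -> str:
    """Reduce a candidate to the base word a guessing rule would start from."""
    base = candidate.lower()
    # First drop trailing digits/symbols such as the "1$" in Password1$ ...
    base = re.sub(r"[^a-z]+$", "", base)
    # ... then undo letter-for-symbol substitutions inside the word.
    return base.translate(LEET)

def is_weak(candidate: str) -> bool:
    """True if the candidate is a breached password, a mangled variant of one,
    or a known phrase; False otherwise (policy-compliant does not mean strong)."""
    if candidate.lower() in BREACHED:
        return True
    if normalise(candidate) in BREACHED:
        return True
    phrase = " ".join(re.findall(r"[a-z]+", candidate.lower()))
    return phrase in KNOWN_PHRASES

if __name__ == "__main__":
    for pw in ("Password1$", "P@ssw0rd", "Twas brillig, and the slithy toves",
               "correct horse battery staple"):
        print(f"{pw!r}: {'weak' if is_weak(pw) else 'ok'}")
```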

Use a credential vault/password manager

There is growing evidence that changing your password every 90 days, much like the old complexity standards, is not effective. With that said, until you have universally adopted better password habits, changing a password regularly can help limit the impact of a compromise.

The challenge with constantly changing passwords is that this tends to push people back towards old habits of using easy-to-remember, easy-to-guess patterns. This can be offset by storing credentials in a password manager. Password managers are designed to encrypt and protect the information used to authenticate to applications, and let you copy login information out of the vault when you need access, or log you in directly from the application. Just remember to use a strong passphrase to secure the vault.

Avoid re-using passwords by leveraging a password generator.

We understand that it is easier to access various accounts and applications if you just use the same username and password on everything. And hackers love it when you do! Because once they’ve found your credentials for Gmail or Salesforce, they’ll have access to Twitter and Dropbox too.

Stop using 12345 or password as your password. Empower yourself and your employees to use stronger passwords without the hassle of having to remember them by taking advantage of Bitium’s password generator and manager.
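As an added example (not Bitium's generator or any code from the original post), this is the core of a generator of the kind described: it draws words and characters with the operating system's CSPRNG via `secrets`, and reports the entropy each choice buys so a four-word passphrase can be compared with a policy-style password. The wordlist is a constructed stand-in; a real generator would load a large list such as the EFF long list, whose 7776 words are assumed in the comparison.

```python
import math
import secrets

# Constructed demo wordlist (16 words = 4 bits per pick). A real generator
# would load a large list; the EFF long list has 7776 words (~12.9 bits per pick).
WORDLIST = ["anchor", "basket", "candle", "dolphin", "ember", "falcon",
            "garden", "harbor", "island", "jigsaw", "kettle", "lantern",
            "meadow", "nickel", "orbit", "pepper"]
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!@#$%^&*")

def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform selections from `choices` options."""
    return picks * math.log2(choices)

def generate_passphrase(n_words: int = 4, wordlist=WORDLIST, sep: str = " ") -> str:
    """Four unassociated words, each chosen with secrets.choice (never random.choice)."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

def generate_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Random-character password for accounts the manager fills in for you."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def compare(eff_words: int = 7776, policy_len: int = 8, printable: int = 94) -> dict:
    """Bits for a 4-word EFF passphrase vs. an 8-char password from 94 printable chars."""
    return {"passphrase_4_words": round(entropy_bits(eff_words, 4), 1),
            "password_8_chars": round(entropy_bits(printable, policy_len), 1)}

if __name__ == "__main__":
    print(generate_passphrase(), generate_password(), compare())
```

The two figures come out nearly equal, which is the point: the passphrase is as strong as the "8 characters, mixed case, number, symbol" password and far easier to remember.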

With the manager, administrators will gain insight into app sprawl and access to a broader, truer view of security across the organization’s full solution toolkit.

Go beyond the typical password and enable 2-factor or multi-factor authentication.

Multi-factor authentication (MFA) adds a second factor, something you have or know -- like your smartphone or a digital key -- that is separate from your primary means of authentication.

Enable MFA to prevent unauthorized account logins and keep your applications and information safe. With MFA, even if someone discovers your username and password, without that additional piece of information, they cannot log in. A layer of independent authentication is an easy way to help protect your organization’s accounts and data.

Use token-based authentication like SAML whenever possible

Security Assertion Markup Language (SAML) is an authentication standard that eliminates the need for passwords completely by using tokens from a pre-configured trusted source instead of a username and password. Enabling SAML means that username and password pairs can be removed, which decreases the number of credentials floating around in your environment and, with them, the potential for account compromise.