Our passwords are under increasing threat. As more services move online, and as both the amount of business we do online and the number of information systems we need to do our jobs grow, our passwords become more numerous, more valuable and more vulnerable. We are all told never to reuse a password, but that is easier said than done: how many unique logins can we reasonably remember? How long should a password be? How complex should it be? How easily can a password be reset when it has been forgotten (again)? The password problem is a recurring one. Some surveys estimate that up to 50% of IT helpdesk calls are password related; in my own experience that figure has risen to 80% in certain circumstances. Password problems can have a significant impact on costs to your organisation or business, and even to you personally, but there are cost-effective strategies and systems that you can implement to reduce the impact and cost of forgotten passwords.
Authentication management covers a number of different types of application in which users hand over control of their passwords to a dedicated password management system, such as:
- A login vault or safe, where credentials are encrypted and stored and are unlocked with a single long master key or password. This works well for small teams that need to share credentials for systems, and for individuals with many passwords to remember; vaults that synchronise across devices allow a unique and more complex password for every site without the need to memorise any of them. The disadvantage is that knowing just one password, the master, gives access to all the others. The master password therefore becomes far more valuable and must be correspondingly stronger, which is workable because it is the only one you have to remember.
- A single sign-on system, where usernames and passwords for many individuals are stored and used to log in to business systems automatically. This works best in corporate networks across business applications, but it can be quite costly and will require some integration with whatever system logs users into their devices, such as Microsoft Active Directory. These systems are similar to password vaults, but instead of a single master password giving access to every password in the vault, each user can reach only their own passwords.
- Two-factor authentication systems, where the username and password are supplemented by a one-time password that changes at short, fixed intervals (typically every 30 seconds for app-based codes). The two factors are something you know (the password) and something you have (a hardware token or a mobile app that generates the codes). Examples are Vasco tokens and Google Authenticator.
- Alternatives to passwords also exist, such as certificate-based authentication. Here the user or device holds a certificate and its private key and proves possession of that key instead of typing a username and password; the certificate's key pair is asymmetric (RSA or elliptic-curve, not AES, which is a symmetric cipher and at most protects the stored private key). Certificate authentication is currently limited in application and prone to deployment problems, but it can work very well for logging into wireless networks and similar applications.
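To make the two-factor item concrete, the following is an added example (not code from the original page or from any vendor named above) of how the refreshing one-time password is actually generated and checked. It implements HOTP (RFC 4226) and time-based TOTP (RFC 6238) using only the Python standard library: both sides share a secret, the app derives a code from the secret and the current 30-second window, and the server recomputes the same code. The shared secret is the RFC 6238 test-vector seed, base32-encoded as an enrolment app would show it; a real deployment generates it at random. The verifier also handles the two failure modes a practitioner cares about: clock drift between phone and server (a small window of adjacent steps is accepted) and replay (a code is never accepted twice, because the last accepted counter is tracked).

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed shared secret for this example: the RFC 6238 test-vector seed
# "12345678901234567890", base32-encoded as an authenticator app would display
# it at enrolment. A real secret must be random (e.g. secrets.token_bytes(20))
# and stored server-side with the same care as a password hash.
SHARED_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

TIME_STEP = 30   # seconds per code, the RFC 6238 default used by Google Authenticator
DIGITS = 6       # code length shown to the user


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)           # keep leading zeros


def totp(secret_b32: str, at: int, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time window."""
    secret = base64.b32decode(secret_b32.upper())
    return hotp(secret, at // step, digits)


def verify_totp(secret_b32: str, code: str, at: Optional[int] = None,
                step: int = TIME_STEP, digits: int = DIGITS,
                window: int = 1, last_accepted: int = -1) -> Optional[int]:
    """Server-side check of a submitted code.

    Returns the counter that matched (store it as the new `last_accepted`) or
    None if the code is rejected. Codes for `window` steps either side of the
    current one are accepted to tolerate clock drift, but any counter at or
    below `last_accepted` is refused so a captured code cannot be replayed
    inside the drift window.
    """
    if at is None:
        at = int(time.time())
    if len(code) != digits or not code.isdigit():
        return None
    secret = base64.b32decode(secret_b32.upper())
    current = at // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if counter <= last_accepted:
            continue
        candidate = hotp(secret, counter, digits)
        # Constant-time compare: a plain == would leak how many leading
        # digits matched through timing.
        if hmac.compare_digest(candidate, code):
            return counter
    return None


if __name__ == "__main__":
    # Walk through one login: the app shows a code, the server accepts it once.
    now = 59                                                  # RFC 6238 test time
    shown = totp(SHARED_SECRET_B32, now)                      # "287082"
    first = verify_totp(SHARED_SECRET_B32, shown, at=now)     # -> counter 1
    replay = verify_totp(SHARED_SECRET_B32, shown, at=now + 5, last_accepted=first)
    print(f"code {shown}: first use counter={first}, replay accepted={replay is not None}")
```

The expected codes in the usage and test are the published RFC 6238 SHA-1 vectors truncated to six digits, so the output can be checked against the standard rather than trusted. Two points the list item above does not spell out: the server must never echo or log the shared secret, since anyone holding it can mint codes indefinitely, and the drift window should be kept to one step, because every extra step accepted multiplies the guessing surface for a six-digit code.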