
Protecting Your Online Accounts: Best Practices for Strong Authentication 2023

As the twenty-first century progresses, safeguarding our data is more important than ever.

According to one analysis, the average cost of a data breach is already $4.35 million, and this figure will only rise. To keep data secure in 2023, enterprises should stay aware of the latest security threats and act to protect themselves.

In this article, we will outline the best practices for strong authentication in 2023. Read on.

1. Use Multi-Factor Authentication


MFA, or multi-factor authentication, adds one or more verification steps to the login process. If an attacker has compromised one factor, the chance that another has also been compromised is low; having several independent authentication factors therefore gives far higher confidence that the person logging in is the legitimate user.

However, remember that each layer in a multi-factor scheme should come from a separate factor category: something your customers know, have, or are. For example, if a customer has registered their phone number as the second factor, a one-time password is sent to that phone. If attackers do not have the phone, they cannot obtain the code, and so they cannot log in.
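The server side of the phone-delivered one-time code just described, as an added example that is not part of the original article: the code is generated unpredictably, expires, is single-use and is limited in guesses, so possession of the phone at the time of login is what actually gets checked. The five-minute lifetime and five-attempt limit are assumed policies, and delivery to the SMS gateway is left as a stub.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 300   # assumed policy: a code is valid for five minutes after issue
MAX_ATTEMPTS = 5        # assumed policy: discard the code after this many wrong guesses


@dataclass
class PendingOtp:
    code: str
    issued_at: float
    attempts: int = 0
    used: bool = False


class SmsOtpFactor:
    """Server side of the 'something you have' step: issue a one-time code for
    out-of-band delivery and verify the code the user types back.
    The clock is injectable so expiry can be exercised without sleeping."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}   # user_id -> PendingOtp (assumed in-memory store)

    def issue(self, user_id: str) -> str:
        # secrets, never random: the code must be unpredictable to an attacker
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user_id] = PendingOtp(code=code, issued_at=self._now())
        return code   # hand this to the SMS gateway; do not log or echo it

    def verify(self, user_id: str, submitted: str) -> bool:
        entry = self._pending.get(user_id)
        if entry is None or entry.used:
            return False                       # nothing outstanding, or already consumed
        if self._now() - entry.issued_at > OTP_TTL_SECONDS:
            del self._pending[user_id]         # expired: the user must request a new code
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self._pending[user_id]         # guessing guard: six digits are brute-forceable
            return False
        # constant-time comparison on bytes so timing does not leak matching digits
        if hmac.compare_digest(entry.code.encode("utf-8"), submitted.encode("utf-8")):
            entry.used = True                  # single use: a replayed code is rejected
            return True
        return False
```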

Significantly, you should Metaverify your accounts to build customer trust and credibility. This ensures that hackers cannot use your account to target your customers, since an impostor would lack the verification source.

2. Increase Password Length and Reduce the Focus on Password Complexity

In the past, password security advice has mainly emphasized creating complex passwords, although this frequently leads to reusing existing passwords with small variations. "Complexity requirements place an extra burden on users, many of whom will use predictable patterns to meet the required 'complexity' criteria," according to the National Cyber Security Council.

Attackers know these patterns and use that knowledge to improve their attacks. The National Institute of Standards and Technology (NIST) and Microsoft propose a minimum password length of 8 characters for user-generated passwords, with a maximum password length of 64 characters for more critical accounts. This enables the use of passphrases. A passphrase is a password made up of a sentence or a string of words. It helps users remember longer passwords and makes brute-force guessing harder for hackers.

3. Eliminate Regular Password Resets


Many companies ask employees to update their passwords regularly, usually every 30, 60, or 90 days. However, recent research has shown that this approach is less effective than assumed and can actually weaken security. Users typically have many passwords to remember; when compelled to perform a periodic reset, they resort to predictable patterns such as choosing a new password that is merely a small modification of the old one.

They might change a single character or substitute a symbol that looks like a letter (for example, ! instead of I). If an attacker already knows the user's old password, guessing the updated version is relatively easy.

4. Limit Session Length

Session length is an often-overlooked aspect of authentication security. There may be compelling usability reasons to keep a session active indefinitely. In terms of login security, however, you should define limits for active sessions, after which the user must present their password, a second authentication factor, or another form of verification to re-enter.
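One way to express the thresholds described above, as an added example rather than code from the article: a session carries an absolute lifetime (which activity never extends), an idle lifetime (which slides with each request), and a separate, shorter freshness window for the second factor so that sensitive actions trigger a step-up rather than a full re-login. The 8-hour, 30-minute and 5-minute values are assumed policies.

```python
from dataclasses import dataclass

ABSOLUTE_MAX_SECONDS = 8 * 3600    # assumed policy: full login again after 8 hours, active or not
IDLE_MAX_SECONDS = 30 * 60         # assumed policy: full login again after 30 idle minutes
STEP_UP_MAX_AGE_SECONDS = 5 * 60   # assumed policy: sensitive actions need a second factor < 5 min old


@dataclass
class Session:
    user_id: str
    created_at: float    # when the password (and factor) were first presented
    last_seen: float     # last request seen on this session
    last_mfa_at: float   # when the second factor was most recently presented


def check_session(session: Session, now: float, sensitive: bool = False) -> str:
    """Decide what a request on this session requires.
    Returns 'ok', 'reauth' (session is over a limit: ask for the password again)
    or 'step_up' (session still valid, but a fresh second factor is needed)."""
    if now - session.created_at > ABSOLUTE_MAX_SECONDS:
        return "reauth"          # hard ceiling: no amount of activity extends it
    if now - session.last_seen > IDLE_MAX_SECONDS:
        return "reauth"          # abandoned session, e.g. an unlocked laptop left in a cafe
    session.last_seen = now      # sliding idle window for an active user
    if sensitive and now - session.last_mfa_at > STEP_UP_MAX_AGE_SECONDS:
        return "step_up"         # e.g. changing the password or payout details
    return "ok"


def record_step_up(session: Session, now: float) -> None:
    """Call after the user has successfully presented their second factor again."""
    session.last_mfa_at = now
```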


5. Get a VPN and Use It


Use a VPN (virtual private network) when connecting to the Internet over a public network. Suppose you go to a coffee shop and join its free Wi-Fi. Someone else on that network could snoop on or steal the data sent from your laptop or mobile device without your knowledge, and the hotspot's owner could themselves be sniffing secrets from every Wi-Fi connection. A VPN encrypts your internet traffic and routes it through a company-owned VPN server.



6. Password Hashing Is a Must


Passwords should never be stored in plaintext. Instead, store only cryptographically strong, one-way password hashes that cannot be reversed, generated with a purpose-built algorithm such as PBKDF2, Argon2, scrypt, or bcrypt.

It is critical to salt each hash with a value unique to that credential. Avoid outdated hash functions such as MD5 and SHA-1, never store passwords with reversible encryption, and never try to design your own hashing algorithm.


7. Biometric Authentication to Your Rescue

Biometric authentication is a powerful authentication and identity solution that relies on an individual's unique biological traits, such as a fingerprint, retina, face, or voice, to validate that individual's identity.

The key advantage of biometrics is that a hacker would need to be physically present near the individual to obtain the information required to defeat the login. That is not always feasible!

8. Screen Passwords Against Blacklists

According to a Google/Harris survey, password reuse is a serious problem: 52% of users use the same password for several accounts. Credential stuffing attacks have increased dramatically because of this risky habit, as hackers try to profit from the billions of compromised credentials available for purchase on the dark web. With one compromised password, they can access several of a user's accounts. Screening every new password against a list of known-breached credentials stops users from choosing a password that attackers already hold.
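A password screen that applies the length rules from section 2 together with the blacklist check from this section, as an added example that is not the article's own code. The breached-password corpus is a constructed five-entry stand-in, and the lookup is modelled on the k-anonymity range query used by Have I Been Pwned's Pwned Passwords service (the service side is simulated locally here), so a client only ever reveals a five-character hash prefix.

```python
import hashlib
import unicodedata
from typing import List

MIN_LENGTH = 8    # minimum for user-chosen passwords, as cited in section 2
MAX_LENGTH = 64   # accept at least this much so that passphrases fit

# Constructed stand-in for a breached-password corpus. Only SHA-1 digests are kept,
# which is how such lists are normally distributed. SHA-1 is a lookup key for the
# list here, not a password-storage hash (see section 6 for storage).
_CONSTRUCTED_BREACHED = ["password", "123456789", "qwertyuiop", "letmein123", "iloveyou"]
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
                 for p in _CONSTRUCTED_BREACHED}


def range_query(prefix5: str) -> List[str]:
    """Local stand-in for a k-anonymity range endpoint: given the first five hex
    characters of a SHA-1, return the 35-character suffixes of every breached hash
    with that prefix. The client never transmits the full hash, let alone the password."""
    return [h[5:] for h in BREACHED_SHA1 if h.startswith(prefix5)]


def is_breached(password: str) -> bool:
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[5:] in range_query(digest[:5])


def screen_password(candidate: str) -> List[str]:
    """Return the reasons a candidate password is rejected; an empty list means accepted.
    Length is measured after NFKC normalisation so the limit matches what gets hashed,
    and no character-class (complexity) rules are applied, per section 2."""
    pw = unicodedata.normalize("NFKC", candidate)
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    if is_breached(pw):
        reasons.append("found in breached-password list")
    return reasons
```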


Bottom line

The stakes are huge, and the security concerns are legitimate. With a single stolen password, a hacker might suddenly halt your company's production, sink revenues, collapse your stock price, and cause real-world devastation.

Password security best practices are as much a personal choice as locking the doors at night. Maintain the security of your people, processes, technology, partners, clients, and intellectual property by ensuring that everyone follows password security best practices.

Notably, employees and IT teams alike may struggle to operationalize behavioral changes. However, the rewards are well worth the effort and point to a bright future.
