Passwords Aren’t Enough to Protect Your Data
The problems with passwords are well known. System administrators leave passwords at their default settings. End users create easy-to-remember passwords that are easy to crack; they write them down, reuse them, and share them. Even passwords that look random may be easy to crack if they map to words in a foreign language.
It doesn’t even matter if users try to protect their passwords. Bad actors have many ways to try to discover them, including:
• phishing: sending users to a look-alike website where they enter their credentials
• social engineering: interacting directly with users and persuading them to share personal information
• keystroke loggers: malware that captures every key users hit
• sniffers: reading passwords from an unencrypted network
• cracking: guessing the user’s password, or recovering it offline from a stolen password hash
• password reset: abusing password reset systems to set a new password on the account
• buying: data breaches have released large quantities of user data, including passwords, onto the dark web
Alternatives to Passwords
Alternatives to passwords either replace them completely or strengthen them by adding an additional authentication method.
Microsoft Windows 10 allows users to eliminate passwords completely and sign on to their system by entering a code texted to their phone. Microsoft also supports FIDO2 physical security keys and the Microsoft Authenticator app. Apple supports fingerprints and facial recognition for unlocking their devices.
Add to Passwords
The easiest way to make passwords stronger is to use a second method of identifying users in addition to the password. This is known as two-factor authentication (2FA). Some systems rely on “security questions” as a kind of 2FA, but this is really just a second password and doesn’t introduce much additional security. True 2FA requires users to identify themselves using two of the following:
• something they know, such as a password.
• something they have, such as a cellphone.
• something they are, such as a fingerprint or other biometric identifier.
Responding to Compromised Passwords
None of these new login methods are infallible. Facial-recognition systems have been fooled by twins, or even simple photographs. Cellphone numbers can be misdirected so login codes are sent to a hacker.
It’s important, therefore, to have effective methods of identifying and reacting to misused passwords. In general, misuse of passwords is recognized by changes in the patterns of use: the day of the week and hour of the day when the password is used and where the user is located when they log in. When misuse is detected, the IP addresses the user is connecting from can be blocked and the account disabled.
Passwords and two-factor authentication are only two elements of a comprehensive cybersecurity strategy. Prescient Solutions develops custom information security solutions leveraging firewalls, intrusion detection systems, and other tools to provide high levels of security for your IT infrastructure. Contact us to learn more about how you can go beyond passwords to protect your data.