Many studies and experts have come to the same conclusion: passwords aren't very effective at securing data. Complicated passwords are hard to remember, and with the uptick in keylogging and phishing attacks, many stolen passwords end up on the dark web anyway.
Here are what pros are doing to keep data safe.
The National Institute of Standards and Technology published new guidance in August on how to strengthen passwords. Research shows that the de facto standard practice of requiring users to include a mix of uppercase and lowercase letters, numbers and at least one symbol is more trouble than it's worth.
Instead of a password or fingerprint being the only barrier to entry, Aetna’s new behavior-based security system monitors user devices and how and where a consumer uses that machine. “Binary authentication controls work well when the assumption is that only the consumer has the password and remembers it. That assumption, however, is no longer valid,” said Jim Routh, chief security officer at Aetna.
In 2016, more than three billion passwords were harvested from breaches by criminals in the U.S., according to Shape Security.
It might not be the lack of the latest security technologies that causes a data breach but, instead, a simple misconfiguration in a software system or cloud service. Something as simple as leaving a default setting in place can potentially give access to an unrecognized third party or expose sensitive data such as passwords.
Two-factor authentication, by its very nature, is a stronger way of safeguarding networks. In addition to “something you know,” which would be a username and password, a user would be required to provide “something you are,” a biometric measure like a fingerprint or “something you have,” like a token.
Hospitals not already using modern tools for two-factor authentication, such as facial recognition and push notifications, should take note of how they can block malware and other common cyberthreats.
"Brute force" attacks are on the rise. In this trial-and-error strategy, programs attempt to decode encrypted information such as passwords or Data Encryption Standard keys through tremendous effort (i.e., brute force) rather than through more targeted techniques. The problem is that remote desktop protocol services do not typically have robust security, instead relying on unsophisticated logins and passwords.
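As an added illustration of the detection side of this (example code written for this page, not from the article or any vendor it quotes), the following Python flags the two patterns a defender watches for in RDP logon failures: one source hammering a single account, and one source spreading a few guesses across many accounts. The simplified log format, sample records and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of simplified RDP logon-failure records (not real logs).
SAMPLE_LOG = """\
2024-01-10T09:00:01 rdp-failure user=admin src=203.0.113.5
2024-01-10T09:00:09 rdp-failure user=admin src=203.0.113.5
2024-01-10T09:00:17 rdp-failure user=admin src=203.0.113.5
2024-01-10T09:00:24 rdp-failure user=admin src=203.0.113.5
2024-01-10T09:00:31 rdp-failure user=admin src=203.0.113.5
2024-01-10T09:01:02 rdp-failure user=alice src=198.51.100.7
2024-01-10T09:01:40 rdp-failure user=bob src=198.51.100.7
2024-01-10T09:02:15 rdp-failure user=carol src=198.51.100.7
2024-01-10T09:03:00 rdp-failure user=dave src=192.0.2.9
2024-01-10T09:03:30 rdp-failure user=dave src=192.0.2.9
"""

def parse_failures(text):
    """Return (timestamp, user, source) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        ts, _, *kv = line.split()                     # timestamp, event name, key=value pairs
        fields = dict(p.split("=", 1) for p in kv)
        events.append((datetime.fromisoformat(ts), fields["user"], fields["src"]))
    return sorted(events)

def _windows(items, window):
    """Yield, for each event, the values of all events in the trailing time window."""
    start = 0
    for end, (t, _) in enumerate(items):
        while t - items[start][0] > window:           # slide the window's left edge forward
            start += 1
        yield [v for _, v in items[start:end + 1]]

def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """(source, user) pairs with >= threshold failures inside any window."""
    per_pair = defaultdict(list)
    for ts, user, src in events:
        per_pair[(src, user)].append((ts, user))
    return {k for k, items in per_pair.items()
            if any(len(w) >= threshold for w in _windows(items, window))}

def detect_password_spray(events, min_accounts=3, window=timedelta(minutes=5)):
    """Sources that fail against >= min_accounts distinct users inside any window."""
    per_src = defaultdict(list)
    for ts, user, src in events:
        per_src[src].append((ts, user))
    return {src for src, items in per_src.items()
            if any(len(set(w)) >= min_accounts for w in _windows(items, window))}
```

Running `detect_brute_force(parse_failures(SAMPLE_LOG))` flags the `admin` account from `203.0.113.5`, while `detect_password_spray` flags `198.51.100.7`; the two `dave` failures from `192.0.2.9` stay below both thresholds. Tune the thresholds to the lockout and alerting policy of the environment, since the values here are only illustrative.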
Hackers gain access through phishing and keylogging attacks. In March, an Evolve IP report found that more than 76 percent of stolen passwords can be found on the dark web.