The new Apple iPhone 5S Touch ID fingerprint scanner has commentators talking about the future of password security. The device uses fingerprints to unlock users’ phones and enable actions such as making iTunes purchases. This is intended as a partial replacement for passwords, leaving many wondering where security is going. Device protection standards are changing rapidly, with business and consumer Internet users becoming increasingly aware that security starts the second you log in.
Passwords are dead, Google information security manager Heather Adkins told a TechCrunch Disrupt panel in September. Adkins referred to how security experts at Google and elsewhere are increasingly relying on two-factor authentication and other innovations as primary security measures, subordinating the significance of passwords.
Two-factor authentication supplements passwords by requiring a second form of identity verification, similar to how an ATM requires both a physical card and a PIN. Two-factor methods include identifying the device attempting to connect to the network, requiring account holders to answer an automated phone call and enter a PIN, or sending a PIN code via email that must be entered when logging in.
But passwords are not really dead yet, remaining one of the factors in two-factor authentication and making it important to apply best practices when choosing them. This is getting harder, as popular hacking software recently leapt from being able to crack 15-digit passwords to cracking 55-digit strings. Still, until the industry at large adapts to this innovation, some guidelines remain in effect.
The basic mathematical rule is: the more possible character combinations, the harder the hack. This is why security experts advise mixing capital and small letters, numbers and punctuation marks in passwords. This is also why longer character strings are safer.
A few other guidelines apply: Don’t use obvious character substitutions, such as changing the “pass” in “password” to “pa55.” If you have to answer security questions when choosing a password, use nonsensical answers, instead of something easy to guess. Don’t reuse passwords and security questions on more than one account. Finally, protect the security of email accounts you use for password recovery.
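The two rules above can be checked together in a short script. This is an added example, not part of the original article; the tiny word list and the substitution table are constructed for illustration, and the function names are hypothetical.

```python
import math
import string

# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon"}

# Obvious look-alike substitutions (assumed table) mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def charset_size(password):
    """Alphabet size implied by the ASCII character classes present."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 symbols
    ]
    # Characters outside these classes (spaces, non-ASCII) are not counted.
    return sum(n for chars, n in classes if any(c in chars for c in password))


def brute_force_bits(password):
    """log2 of the combinations an exhaustive search must cover."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def is_disguised_common_word(password):
    """True if undoing the obvious substitutions yields a common word."""
    return password.lower().translate(LEET) in COMMON_WORDS


def assess(password):
    """Combine both rules: a large search space does not help a guessable word."""
    return {
        "bits": round(brute_force_bits(password), 1),
        "guessable": is_disguised_common_word(password),
    }


if __name__ == "__main__":
    for pw in ("abcdefgh", "abcdefghijkl", "aBcdef1!", "pa55word", "Pa$$w0rd"):
        print(pw, assess(pw))
```

Length and character mix both raise the bit count, but "pa55word" is flagged as guessable regardless of its count, because undoing the substitution gives a word on the list.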
A password is only as secure as its supporting network, and recent security scandals have some companies pulling back from cloud computing networks. However, recent research by Alert Logic has demonstrated that cloud servers are not inherently less secure than on-premises networks, and are often less vulnerable to certain types of attacks. Even so, this issue does underscore the need to choose a host with a strong security policy. Use resources such as http://InternetProviders.com to help you find a provider with rigorous security standards.
Remembering the Human Side of Security
Malicious attacks and human error cause more security breaches than technical problems, a 2013 study by Symantec found. One typical problem arises when employees transfer corporate data off the company network and don’t delete it. Train your employees to follow good security policies, and require them to use authorized devices when logging into your network.
Words by Todd Birch, who has been building websites for many years and writes about his experience for SEO and Web hosting websites.