With World Password Day looming on 5th May, Michael McKinnon, CIO of Tesserent is warning Australian businesses to strengthen their defences and not just rely on passwords, given the backdrop of heightened risk of cyber-attacks not just from Russia, but also attackers from other parts of the world.
“With cyber-attacks at an all-time high, it is critical that Australian businesses do not rely solely upon passwords for data protection. Strong and unique passwords are critical, but must be accompanied by identity platforms that offer multi-factor authentication or biometrics. Never underestimate the ability for foreign and local threat actors to easily steal and crack passwords,” he warns.
“With global cybersecurity challenges evolving, passwords as a sole protector are no longer enough, and haven’t been for a while. If your business doesn’t do more, then you’re already well behind the curve and at significant risk,” stresses Michael.
The concept of using passwords is not new. People have been using passwords for thousands of years. But in today’s world where correctly authenticating a user can carry critical importance, a password, without any other form of authentication or proof of identity, is not enough. Additional protections such as identity platforms and multi-factor authentication are truly must-haves.
Michael says that most Australian organisations still rely on outdated password policies such as forcing staff to update passwords frequently, like every 30 days, which has been proven to make life harder for users and even weaken security. Back in 2003, Engineer Bill Burr from National Institute of Standards and Technology (NIST), created many of the password rules many still take for granted, and he now regrets the guidelines he wrote. However, passwords still have a place as organisations transition to other tools for validating identity.
Michael stresses the best approach is to look for authentication tools that are easy to use and proven to strengthen security. “Tools like facial and fingerprint recognition on smartphones proves it’s possible to create strong but simple ways to prove your identity. These can work alongside passwords, allowing organisations to smoothly transition to new authentication tools and methods.
“One-time password generators, biometrics and multi-factor authentication are all mature technologies that rely on established standards that can be leveraged by organisations to protect their valuable information assets,” he adds.
