New public awareness campaign inspired by the White House calls for users to think more carefully about stronger authentication.
1. Start by setting strong passwords.
Close to three-quarters of Americans surveyed by the National Cyber Security Alliance (NCSA) believe that their accounts are secure with usernames and passwords. The NCSA’s Michael Kaiser says while passwords alone aren’t enough anymore, most people also need to improve the passwords they do use. He says too many people still use easy ones like “1234” or short words based on their kid’s or dog’s names. The The NCSA advises “A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, ‘I love country music.’)”
2. Consider password managers
It takes some extra planning, but it’s really important to at least have separate passwords for your online banking and your work accounts. Fortunately, there are many tools available today to help people and companies manage multiple passwords. Check out Intel Security’s True Key, Last Pass, Zoho Vault, Keeper Security or any of these other password managers for business use.
3. Investigate security keys
The NCSA recommends using a small device that plugs into a USB port that you have when logging onto the computer. Security keys such as the YubiKey are an easy and inexpensive way to deliver two-factor authentication. The YubiKey costs $40 to $50 and is readily available on Amazon.com. RSA and Symantec also offer similar devices at affordable prices. They are hardware tokens that a user carries around with them at all times. When a user wants to log on to his or her online bank account or a special corporate account, the system would not allow them to access the account until they have been authenticated with the hardware tokens. “People understand security keys and except for carrying around the fob, they integrate well into most people’s busy lifestyles,” said the NCSA’s Kaiser.
4. Use biometrics
Millions of people already use biometrics via the Touch ID on their iPhones or Android devices and at least in their personal lives will come into contact with biometrics through their phones. Expect to start seeing increased use of retinal scans, facial recognition, and voice recognition at work. Companies are also rolling out Touch ID apps to access important business applications.
5. Use one-time codes as a second factor
The NCSA points out that more websites are also sending out one-time codes so users have a second layer of authentication. A one-time code may get texted via SMS right to your phone or may be generated by an app and quickly expire. The purpose of the one-time code, and all second factors of authentication, are that if somebody manages to steal or guess your password, that password alone is not enough to gain access to your account. Google, Twitter and Facebook, among many others, now offer this feature.
Find out more on how to protect yourself and business at: http://cyber.aspida.org