Data breaches have become more commonplace than many business leaders, public sector officials and consumers would prefer, especially as millions of individuals have been affected by major instances of exposure in the past few months alone. One study from the Ponemon Institute revealed that the most common cause of data loss and theft is employee error, followed closely by insider threats and negligence.
When looking at the most common types of device and system security, one would quickly see that passwords are the most popular form of protection. Researchers do not have to dig deep to see that simple passwords are also some of the most dangerous aspects of data protection, especially as users tend to either not have one in place, use the same one for a variety of accounts or choose the easiest one possible.
Passwords, in short, are useless in today’s highly tumultuous data security landscape, and multi-factor authentication has stepped up as the most feasible and effective replacement.
Dangers of traditional passwords
To understand why a business should consider replacing all of its older password and credential policies with authentication, it is first important to see what threats exist with older protection methods.
- Weak passwords: Dark Reading published a study from Verizon which found that 76 percent of network hacks can be traced back to poor credentials. Additionally, stolen passwords were the cause of 48 percent of data breaches, according to the research.
- Poor user experience: Passwords at their most effective will also be at their most arduous for the user. For example, a proper password strategy would involve highly complex combinations of numbers, letters and symbols, while no two accounts should have the same key. This is one of the reasons why users do not follow the best practices of password creation and maintenance, as well as what leads to errors.
Furthermore, the average company is not taking steps to protect its users’ information through recommendations for and evaluations of passwords. Cyber criminals are becoming more advanced, and continue to be advantageous in nature, meaning they will act on vulnerabilities whenever possible. As such, the old days of simple passwords and weak credentials must come to an end.
A case for multi-factor authentication
Necessity has long been the mother of invention, and businesses are already beginning to recognize the importance of stepping into the modern era of data protection. Multi-factor authentication vastly improves an organization’s, or individual user’s, protection compared to traditional passwords in several key ways:
- Intuitive use: A complicated policy of any type will be less likely to succeed because employees might not want to put in the time, or will have a greater risk of error. Multi-factor authentication bolsters ease-of-use and the overall user experience, reducing rogue IT and error.
- Harder to crack: Even when a password is tight, hackers can write scripts to crack the codes with ease. Multi-factor authentication, on the other hand, is a layered approach to data protection that is far more difficult to hack.
The advantages of switching to multi-factor authentication are vast, and considering the significant financial dangers of losing sensitive information, this adjustment to policies is critical for virtually all organizations.
About the Author:
Andre Boysen is the Executive Vice President of Marketing at SecureKey.