Written By: Chet Hayes

At Vertosoft, we are participating in Cybersecurity Awareness Month to lend another voice to raising awareness of how important good cyber hygiene is for individuals and organizations. For the past 17 years, IBM has commissioned the “Cost of Data Breach Report” study by the Ponemon Institute. In this year’s report, the Ponemon study noted that the costs related to a data breach rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of this report. The most common initial attack vector, which accounted for 20% of the breaches, was compromised credentials.

What can an organization or individual do to help with the compromised credentials problem? We believe that a multi-factor authentication strategy that uses two or all three of the recognized types of authentication factors can greatly improve security posture and reduce exposure to credential attacks. The three generally recognized types of authentication factors are:

  1. Something You Know. This includes passwords, PINs, etc.

  2. Something You Have. This includes items such as smart phones, smart cards, tokens that produce a time-based PIN, etc.

  3. Something You Are. This includes items such as fingerprints, facial recognition, iris scans, etc.

Something You Know 

First, if you must use some type of ‘password’, stop thinking about passwords and start thinking about passphrases. A strong passphrase is a sentence that is at least 12 characters long, and length is more important than complexity. If you want to understand why at least 12 characters, check out this blog by Microsoft Security researchers. The research concluded that passwords that are longer than 12 characters and have never been used before are the only passwords that have any meaningful effect. In addition to the conclusion about passwords, the research identified multi-factor authentication as having a significant impact on improving the overall security of an account.

Something You Have & Something You Are 

Second, passwords and passphrases alone are not enough to provide adequate security. Enable 2-factor or multi-factor authentication whenever it is available on an account. Most newer cellphones come equipped with a fingerprint scanner, and there are apps like Microsoft and Google Authenticator that can be used to generate time-based tokens. With MFA in place, a hacker would need several advanced capabilities and would have to execute multiple successful attacks simultaneously to gain access. This is very difficult to do and reduces the chance of an account being compromised by over 99%.

Multi-factor authentication solutions are often easy to deploy and relatively inexpensive. They provide simple but effective deterrents to would-be hackers while improving protection for both the individual and the organization. So do your part to be cyber smart and start using multi-factor authentication today!