One of the key issues with using only username and password for authentication purposes is the single point of failure. If one device is compromised, then all accounts on that device are compromised as well.
Two-factor authentication (2FA) or multi-factor authentication (MFA) is an easy way to solve this problem. It requires two or more independent pieces of evidence (factors) to verify a user’s identity when they attempt to log in or access data. By deploying 2FA/MFA in its environment, an organisation is taking the first and, according to Nexus, the most important step towards protecting itself against a potential cyber attack.
Here Nexus offers some of the common risks an organisation faces when using passwords as the only authentication option:
1. Users tend to reuse the same password for multiple services and devices. In many cases, the passwords being used are weak and therefore easy both to guess and to hack.
2. Passwords to different systems and applications are often shared between several users and sent through non-secure networks. This makes it easy for unauthorised individuals to access information and passwords since organisations never fully know who has access when accounts are being shared. In today’s work environment, it’s not uncommon for colleagues to share an account, meaning the username and password are shared amongst multiple people. Whether it’s written on a post-it or sent in an email, this is an easy way for non-authorised people to get hold of critical information.
3. Hacking and password cracking techniques are becoming more sophisticated. Therefore, even when strong passwords are used, these techniques can still easily break the code. Many times, a single password in the wrong hands can leave an organisation held hostage in a ransomware attack.
4. Organisations do not know when a hacker has gained access to company passwords, or they discover the breach far too late. Without the proper tools and processes in place, many companies don’t even realise that a password has been compromised. Often, what is lacking is a clear cyber security strategy that would ensure the correct measures are in place to recognise suspicious activity or unauthorised users in systems and applications.
Nexus recommends the implementation of a Zero Trust model for both people and devices as soon as possible. The company also advises removing passwords for all admin accounts and protecting them with MFA.
The next step, suggests Nexus, is to minimise the overall use of passwords in the organisation and transfer all users to smooth and easy-to-use MFA solutions.
Nexus enables Smart ID with password-less authentication and simplifies the full lifecycle management of users’ digital identities on smart cards, mobile phones and laptops. With the Smart ID platform, organisations can utilise ready-to-use workflows, automation and self-service functions to strengthen security and ensure strong authentication for their workforce and workplace devices.