Stop Data Security Loss with One Time Passwords

Many companies use basic authentication such as a username and password to provide security to important information and resources. That is now being recognized as insufficient to protect critical data from loss due to malicious hacking activity. Hackers use advanced dictionary attacks, viruses, and key-logging to get the passwords they need to remotely enter database systems and take sensitive data like credit card numbers and complete identity information.

If a username and password can be discovered, malicious hackers from anywhere in the world can use the information to remotely enter systems. Although there are alternate solutions available, many organizations continue to use regular single-factor authentication due to the belief that more secure solutions are either too complex or costly.

There are three levels of authentication security available:

  • 1 factor authentication: Something you know – for example a username and password.

  • 2 factor authentication: Something you know and have – username, password, and a device.

  • 3 factor authentication: Something you know, have, and are – username, password, device, and a physical feature like a retina or fingerprint pattern.

There are usually two main factors that drive data security adoption within organizations. The first is mandatory requirements of a group that the organization belongs to, and the second is the desire to prevent the loss of customers by keeping their data secure.

Mandatory security rules are imposed by organizations like the Payment Card Industry (PCI) and Health Insurance Portability and Accountability Act (HIPAA). For law enforcement, users that want to be able to access the FBI Criminal Justice Information System (CJIS) and the National Crime Information Center (NCIC) have to meet stringent security requirements, one of them being two-factor authentication.

With mandatory public disclosure of record loss a necessity, companies are improving their security policies to restrict user access to critical information. Instead of using common administrator-level usernames and passwords, users are now required to log in to critical databases with their own usernames, and they are assigned privilege levels that match their information access needs. These actions should improve the ability of organizations to safeguard their sensitive information and prevent loss due to malicious hacking, as long as the passwords are kept secure.

The introduction of smartphones like the iPhone and Android has made the use of two-factor authentication much more straightforward. With the use of a clustered application server that manages authentication and its connectivity to various end-user applications and directory servers, two-factor authentication can be implemented in a reliable and easy-to-use process.

The 2 factor authentication server is placed between the remote access device, for example a firewall, and the directory server. The end-user has a client device that is synchronized with the server, and is given a one-time password that can be used for authentication. This setup provides the user an easy-to-obtain password that changes every time it is used.

There is significant opportunity for improvement in data security at most companies. Two-factor authentication is an inexpensive and effective method that can be used as part of an overall security policy to keep critical information secure.
