Password authentication and management—it’s something we can all agree is important, but it’s also something most of us find difficult to do. That’s why many of us create easy-to-remember passwords and reuse them over and over.
In fact, according to a 2019 survey led by Google and Harris Poll, 52 percent of people reuse the same password for multiple online accounts. The survey also found that 31 percent of respondents are either intentionally not using multi-factor authentication or are unsure whether or not they are using it across their various digital accounts.
Let’s talk about the types of password authentication, and, realistically, how you can better protect your accounts.
What is Password Authentication?
Simply put, password authentication is when a password is used to ensure the individual requesting access to an account or application is the intended user. The password is checked against stored credentials within the system for validation.
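The check described above, sketched as an added example that is not part of the original article. It assumes the system stores a salted PBKDF2-HMAC-SHA256 hash rather than the password itself; the function names, the in-memory `CREDENTIALS` store, and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune to your hardware and policy.
ITERATIONS = 600_000

# Stands in for the credential database: username -> (salt, derived_key).
# The plaintext password is never stored.
CREDENTIALS = {}


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password with a per-user salt so stored values resist guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(username: str, password: str) -> None:
    """Create the stored credential: a fresh random salt plus the derived key."""
    salt = os.urandom(16)
    CREDENTIALS[username] = (salt, derive_key(password, salt))


# Dummy record so a login for an unknown user costs the same work as a real one,
# which avoids revealing which usernames exist through response time.
DUMMY_SALT = os.urandom(16)
DUMMY_KEY = derive_key("placeholder", DUMMY_SALT)


def verify(username: str, password: str) -> bool:
    """Check a login attempt against the stored credential."""
    salt, expected = CREDENTIALS.get(username, (DUMMY_SALT, DUMMY_KEY))
    candidate = derive_key(password, salt)
    # Constant-time comparison: no early exit on the first differing byte.
    matches = hmac.compare_digest(candidate, expected)
    return matches and username in CREDENTIALS


if __name__ == "__main__":
    enroll("alice", "correct horse battery staple")  # constructed sample account
    print(verify("alice", "correct horse battery staple"))
    print(verify("alice", "Password1"))
    print(verify("mallory", "placeholder"))
```

Because each account gets its own salt, two users who pick the same password end up with different stored values, so a leaked credential table does not show who shares a password.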
Types of Password Authentication
Here are the three most common ways a system can authenticate access to an account:
- Traditional, knowledge-based authentication: Traditional passwords you store in your brain, on a Post-it note next to your laptop (eek!), or (ideally) in a password manager, fall into this category. The combination of letters and numbers you create becomes the key to unlocking your account each time you log in.
- Ownership-based: This type of authentication requires you to prove you own the account by either using a physical object, such as a key card, or utilizing multi-factor authentication to verify your identity.
- Biometrics-based: Authentication that is biometrics-based typically means you need to use something like a fingerprint or facial scan to access the account.
If you think about all of your online accounts, you likely use the first type of password authentication most often.
Tips for the Most Secure Password Experience
Here are a few tips to get the most secure experience out of traditional, knowledge-based password authentication:
- Use multi-factor authentication. If you’re not already using it, we strongly recommend setting up MFA, as it provides you with an extra layer of security. Start with your most sensitive accounts (banking, bills, social media platforms) and check to see if multi-factor authentication is available. Here are links to instructions on how to activate MFA for common accounts: Facebook, Instagram, Twitter, LinkedIn, and Gmail.
- Don’t use the same passwords over and over. Using the same password for multiple accounts leaves you more vulnerable to hackers, because one stolen password then opens every account that shares it. Try switching things up while upholding proper password security guidelines to create unique passwords for each account (e.g., an eight-character minimum and a mixture of capital and lowercase letters, numbers, and special characters).
- Start using a password manager. Throw out that Post-it note with your passwords on it and start using a password manager to store all of your new, unique passwords (and even help you generate new ones, if needed). Top password managers include LastPass, Keeper, and Dashlane.