Authentication 09-23-2015

How Effective Authentication Protects You Online

Ashley Call

Every security expert knows that there are two parts to successful security: encryption and authentication. While the responsibility for effective encryption lives predominantly in the hands of the experts, the responsibility for effective authentication really lies in the hands of every Internet user. Although there is a continual debate over best security practices, there are several indisputable authentication methods that every individual user should incorporate into their security etiquette. Using effective authentication could mean the difference between secure and exploited personal data.

What Is Authentication?

Authentication is the process of verifying that each party in an online transaction really is who they say they are (not just in monetary transactions, but in any online exchange). Internet security relies on two forms of authentication: machine authentication and user authentication. Machine authentication, again, lies in the hands of the experts, although users should check to make sure they are only trusting sites with Extended Validation SSL. User authentication is where the individual user becomes responsible.

User authentication is something you use every day, even if you are not aware of it. Every time you log in to a site with your username and password, you are authenticating yourself as the rightful owner of the account you are using. When user authentication is effective, it means that only you have access to your online accounts, including private information such as credit card numbers, social security numbers, and other forms of identification. When your user authentication is exploited, hacks occur, and then private information is made public or sold for a profit.

The Plight of Passwords

While passwords are the primary method of authentication that individuals and companies use today, passwords are failing over and over again to protect private information. Some of the biggest breaches in the past couple of years have been due to weak or stolen passwords. As this article on ZDNet puts it, “In cybersecurity circles, it's generally accepted that humans are the weakest link in the chain. The most common slip-up is using a poor password that can be easily guessed by a dictionary or brute-force attack.” The human factor of passwords makes them the most exploitable, and most targeted.

As the market research company Frost & Sullivan notes in an executive brief titled “You Are the Target—But You Don't Have to Be with Effective Authentication,” passwords themselves are no longer sufficient. “Passwords, even the most elaborate passwords, are not secure unless they are supplemented by other factors associated with the individual.” While it is common knowledge among those in the security industry that passwords are no longer sufficient, the average Internet user is arguably not aware of how vulnerable even good passwords can be.

Why Multi-Factor Authentication?

We’ve said it before, and we’ll say it again: multi-factor authentication matters. If you’re unfamiliar with the term, it refers to a multi-step process that thoroughly authenticates individual users who are signing into their accounts. Multi-factor authentication does not rely solely on the use of strong passwords, but instead incorporates a variety of methods of physical authentication in addition to strong passwords. These physical authentication methods can include:

  • Security questions when you’re logging in
  • One-time passwords (OTP), typically used with an app on a smartphone
  • USB devices that authenticate a user
  • Fingerprint devices that connect to your computer and authenticate your identity

While these methods may seem highly complicated, they are actually not so difficult. One-time password apps, for example, can be downloaded for free from the Apple or Android app stores, and then used with any website that supports one-time passwords. Even Google has its own authenticator that you can use on a variety of websites.

The Bottom Line

The bottom line is that user authentication is the responsibility of the individual. Recent hacks have shown that many users are still using incredibly weak passwords, and are therefore increasing their risk of being hacked. Effective authentication could make all the difference in protecting your information and in saving you the physical and monetary costs of having your own information exploited.

