4 Rules of Thumb Regarding Passwords and Authentication

Many people believe passwords are dumb.  They store their credentials for easy login, or maybe even leave the password blank if the app allows. For IT managers, forcing users to come up with a strong, unique password is definitely not an easy task.  Resting on convenience over security, many people would prefer to use familiar names and dates or simple phrases they can remember.  Even when IT departments try to enforce best practices there is often a struggle between honoring those standards and influencing user behavior.

Relaxed password standards allow users to set passwords that may be as easy to guess as they are to remember, and very strict requirements for strong and complex passwords often results with users storing passwords in document files or on post-it notes on the monitor. Setting password standards and managing the policy implementation requires a balance between usability and security, but more often than not the balance skews toward simplicity. Yet passwords aren’t going away any time soon, even while biometrics and multi-factor authentication methods grow in prominence.

It is most likely that new technologies and standards will be combined with passwords to protect critical data. Using only a password to protect information may not be the ultimate in security, but it is important to recognize that passwords remain as a key element in any security model. For now, passwords should be as strong and unguessable as possible.  As technologies and standards rise up to meet the demands of users as well as enterprises, there are likely to be changes in how passwords are used. Here are 4 rules of thumb to consider regarding passwords and where authentication technologies are going.

1. Your face might be your password.

Biometrics won’t fully replace passwords right away, but the use of biometric data for authentication is growing rapidly. Face recognition, fingerprinting and voice identification are all being employed as authentication mechanisms and users are embracing the technology because it is easier to use than a remembered password.  Smartphones and PCs have sensors for reading fingerprints and cameras for seeing faces, and microphones for hearing your voice.  Many systems are also now able to use geodata with the biometric data (matching person to place), making it harder to compromise an identity while also being less disruptive to the user. While the technology isn’t foolproof, it represents a major step towards creating more secure systems without placing the responsibility strictly on the user.

2. Two pieces of ID are better than one.

The point of multi-factor authentication is that there are two different pieces of evidence a user must present in order to gain access. For example, a password may be the first piece of evidence presented, with a pass code sent to a mobile device as a second. Even as biometric authentication grows in prominence, industry participants recognize that no single method covers all the bases all the time. Multi-factor authentication is gaining in prominence as users become more familiar with the methods and the implementations become less intrusive. AI may also influence how these systems are applied. As user behavior and transaction parameters are “learned”, systems can identify activities that fall outside of normal routines and additionally prompt users for single-use pins or passwords sent to their mobile device.

3. Businesses should learn from past mistakes.

With news of hacking, ransomware and malware being daily fare, companies and their users are realizing that password security really is important and are stepping up their security efforts. The information is available to help prevent businesses from making the same mistakes that others have, offering worst case scenarios a’plenty to learn from.  Using default passwords and recycling passwords across work and personal accounts, using unsecured network connections, not encrypting files that contain password information and failing to patch or update systems and software are entirely preventable situations that put information at risk. Taking the reports seriously and identifying mistakes to avoid is highly useful in designing security for the business.

4. There’s a growing ecosystem for authentication.

With the number and type of systems requiring authentication – from industrial control systems to dating websites – there is a great and growing need to find highly secure methods of authentication that are actually usable for the user. Even in the world of blockchain there is a need for “identity assurance” and confirmation when documents or biometrics are captured via smartphone. Fast IDentity Online (FIDO) is a set of security specifications for strong multi-factor authentication, developed by the FIDO Alliance. The FIDO Alliance includes members such as Google, Aetna, Amazon, Microsoft, Bank of America and Samsung, and developed the spec as an initial basis for standardizing authentication across platforms and systems at the client and protocol layers.  

Technology is changing rapidly and solutions once reserved for government and large enterprise are now entering mainstream consumer use. You’ve probably already noticed that banking and other apps are employing the use of fingerprint and other biometric data with increased frequency as users demand easier access to applications and features from their smartphones and other mobile devices.

These technologies sometimes replace traditional password entry as the primary means of authentication or augment password use in some manner. Even MasterCard has announced a component in its payment card solutions that allows users of next-gen payment cards to register their fingerprint data on their credit card.

The push is to allow users to interact with their tasks without putting up barriers to access.

A combination of usability and enhanced protection, the new standards are developing to address not just system security but identity verification for various purposes. Corporate information must be secured and so must personal identity information; simply read the news to understand what can happen when digital identity information gets compromised.

Whether the data is business or personal, keeping hackers and bad actors away from it isn’t easy, so strengthening the most basic first layer of protection – the password – is the best place to start.

Make Sense?


Cloud Hosting Benefits for Business Owners and Their Accountants

Two-TallThe concept of running applications in the cloud is not at all new.  In fact, there are literally millions of business users accessing hosted applications and cloud app services every day, and adoption didn’t reach those numbers overnight. While the value of running software such as QuickBooks in a cloud model may differ from business to business but the underlying benefits are there for all to achieve.

The main value for some business owners is in being able to access information and data while traveling out of the office or when working from home.  Using almost any portable computer or mobile device, business users are able to get information on customers, orders, payments, and other valuable data regardless of the work location.  Being able to keep tabs on the business even when they aren’t there is very important to some business owners and secure remote access has become essential for today’s mobile workforce.

Where mobility motivates some to move to the cloud, collaboration is what drives others. For public accountants and small business bookkeepers this benefit becomes essential to effectively delivering services to clients. Because small businesses and the professionals that serve them do not operate in the same locations, the ability to work in the same software and data at the same or different times allows business owners and their accountants and bookkeepers to work seamlessly together in support of the business.  Business owners benefit from better financial data in real-time, and the accounting professionals are able to deliver results without time-consuming travel and doing the work on-site.

Business owners and the accounting professionals supporting them end up realizing the benefits of improved IT, where greater predictability in performance and cost matters. Businesses need to focus on their business and not on the IT which supports it, and outsource professionals such as accountants and bookkeepers need to be able to work with clients efficiently and without having to invest in expensive tools and services to make it happen.

When a cloud platform is deployed for the client business it can not only deliver benefits to the business owners and operation. A cloud-based approach can also provide tangible benefits in worker efficiency and productivity through improved access to information for the professionals who support the business.

Businesses need technology to support their operations, and the requirement generally spans far beyond pure accounting and finance. Unfortunately, many outsource bookkeeping and accounting professionals focus only on the accounting or financial systems when considering a cloud-based implementation, failing to consider the critical aspects of the operational level applications which support the various functions of the business.

This is often where a cloud hosting approach meets business needs better than a single cloud app. With a cloud hosting model, the existing business software and data can be “enabled” to allow accounting professionals access to the complete realm of business data, putting them in a far better position to ensure that the information resulting in the accounting system is of high quality and may be trusted.

jmbunnyfeetMake Sense?