4 Rules of Thumb Regarding Passwords and Authentication

Many people believe passwords are dumb.  They store their credentials for easy login, or maybe even leave the password blank if the app allows. For IT managers, forcing users to come up with a strong, unique password is definitely not an easy task.  Resting on convenience over security, many people would prefer to use familiar names and dates or simple phrases they can remember.  Even when IT departments try to enforce best practices there is often a struggle between honoring those standards and influencing user behavior.

Relaxed password standards allow users to set passwords that may be as easy to guess as they are to remember, and very strict requirements for strong and complex passwords often results with users storing passwords in document files or on post-it notes on the monitor. Setting password standards and managing the policy implementation requires a balance between usability and security, but more often than not the balance skews toward simplicity. Yet passwords aren’t going away any time soon, even while biometrics and multi-factor authentication methods grow in prominence.

It is most likely that new technologies and standards will be combined with passwords to protect critical data. Using only a password to protect information may not be the ultimate in security, but it is important to recognize that passwords remain as a key element in any security model. For now, passwords should be as strong and unguessable as possible.  As technologies and standards rise up to meet the demands of users as well as enterprises, there are likely to be changes in how passwords are used. Here are 4 rules of thumb to consider regarding passwords and where authentication technologies are going.

1. Your face might be your password.

Biometrics won’t fully replace passwords right away, but the use of biometric data for authentication is growing rapidly. Face recognition, fingerprinting and voice identification are all being employed as authentication mechanisms and users are embracing the technology because it is easier to use than a remembered password.  Smartphones and PCs have sensors for reading fingerprints and cameras for seeing faces, and microphones for hearing your voice.  Many systems are also now able to use geodata with the biometric data (matching person to place), making it harder to compromise an identity while also being less disruptive to the user. While the technology isn’t foolproof, it represents a major step towards creating more secure systems without placing the responsibility strictly on the user.

2. Two pieces of ID are better than one.

The point of multi-factor authentication is that there are two different pieces of evidence a user must present in order to gain access. For example, a password may be the first piece of evidence presented, with a pass code sent to a mobile device as a second. Even as biometric authentication grows in prominence, industry participants recognize that no single method covers all the bases all the time. Multi-factor authentication is gaining in prominence as users become more familiar with the methods and the implementations become less intrusive. AI may also influence how these systems are applied. As user behavior and transaction parameters are “learned”, systems can identify activities that fall outside of normal routines and additionally prompt users for single-use pins or passwords sent to their mobile device.

3. Businesses should learn from past mistakes.

With news of hacking, ransomware and malware being daily fare, companies and their users are realizing that password security really is important and are stepping up their security efforts. The information is available to help prevent businesses from making the same mistakes that others have, offering worst case scenarios a’plenty to learn from.  Using default passwords and recycling passwords across work and personal accounts, using unsecured network connections, not encrypting files that contain password information and failing to patch or update systems and software are entirely preventable situations that put information at risk. Taking the reports seriously and identifying mistakes to avoid is highly useful in designing security for the business.

4. There’s a growing ecosystem for authentication.

With the number and type of systems requiring authentication – from industrial control systems to dating websites – there is a great and growing need to find highly secure methods of authentication that are actually usable for the user. Even in the world of blockchain there is a need for “identity assurance” and confirmation when documents or biometrics are captured via smartphone. Fast IDentity Online (FIDO) is a set of security specifications for strong multi-factor authentication, developed by the FIDO Alliance. The FIDO Alliance includes members such as Google, Aetna, Amazon, Microsoft, Bank of America and Samsung, and developed the spec as an initial basis for standardizing authentication across platforms and systems at the client and protocol layers.  

Technology is changing rapidly and solutions once reserved for government and large enterprise are now entering mainstream consumer use. You’ve probably already noticed that banking and other apps are employing the use of fingerprint and other biometric data with increased frequency as users demand easier access to applications and features from their smartphones and other mobile devices.

These technologies sometimes replace traditional password entry as the primary means of authentication or augment password use in some manner. Even MasterCard has announced a component in its payment card solutions that allows users of next-gen payment cards to register their fingerprint data on their credit card.

The push is to allow users to interact with their tasks without putting up barriers to access.

A combination of usability and enhanced protection, the new standards are developing to address not just system security but identity verification for various purposes. Corporate information must be secured and so must personal identity information; simply read the news to understand what can happen when digital identity information gets compromised.

Whether the data is business or personal, keeping hackers and bad actors away from it isn’t easy, so strengthening the most basic first layer of protection – the password – is the best place to start.

Make Sense?

J

Next Generation Accountants and Businesses

Understanding the value and application of information technology is the cornerstone of building a successful “next generation” accounting or consulting practice. Professionals are finding that new opportunities to engage with new and existing clients comes from closer involvement with client financial and operational systems. Collecting and analyzing data, integrating applications and automating data exchanges, and leveraging cloud platforms and services is rapidly becoming the next level of “standardized” service offered by many professionals.

The pace of change is increasing, which makes it increasingly important for business owners to wisely select their technology partners and solutions. While many accounting professionals consider themselves to be the business owner’s trusted advisor, their clients often seek advice on increasing efficiency and reducing costs from software and IT consultants instead.

Yet conditions will change and could force the client business to make adjustments that impact the applications and services supporting the operation. Do the solutions in place have the agility necessary to meet changing business needs, being adaptable enough to meet new conditions or orientations? This is where accounting professionals can help their business clients make the right choices to address current and potential future needs.

Even as information management paradigms continue to shift, accounting professionals can help their business clients achieve better business performance and profitability through innovating workflows and increasing process efficiency. Whether or not the existing systems lend themselves to these efforts remains the question, and represents an area where the professional could provide great value.

Accounting professionals should look at services they can provide to clients that have direct and meaningful impact on operational efficiency and resultant profitability.  These areas represent not simply cost and efficiency improvements, but speak to quality of service and sustainability as well, creating better and repeatable outcomes that can support the operation even as operating conditions may change.

Improving data collection and analysis provides the foundation for understanding more about the operation, and delivers the insight required to identify areas where performance might be improved and then to prove the outcome.

Automating data exchanges and imports, eliminating redundant entry and the potential for manual errors, establishes structure in processes which can then be streamlined to deliver consistent and predictable results.

Utilizing cloud platforms and services allows the business to utilize the infrastructure required to support operations while providing a level of affordable scalability that doesn’t push the business beyond its reasonable boundaries.

What this discussion touches on is the subject of digital transformation and what that really means for small businesses and the accounting professionals who support them.

Rather than performing the accounting and financial work as after-the-fact participants, accounting professionals should help their business clients take a new view of processes and activities performed throughout the business, identifying areas where new approaches can be applied to increase efficiency as well as agility, developing a stronger foundation for growth and profitability. 

From the adoption of paperless and electronic workflows to merging social media with marketing and support activities, digital transformation represents an ongoing effort within a business to fundamentally shift from manual processes to electronic exchange, and expanding considerations beyond physical boundaries to include the virtual, as well.

All of this represents new opportunity and enhanced value for the accounting professionals ready to help their clients become “next generation” businesses.

Make Sense?

J