Moore’s law states, to paraphrase, that the speed of computing processors grows exponentially, doubling roughly every two years. That’s fantastic news for businesses and users alike. More speed means more productivity. Less time waiting for systems. More work done.
However, there can be a downside to all that speed, and that downside is vulnerability, particularly around passwords.
In an electronic world, passwords prove that we are who we say we are, and make sure someone pretending to be me doesn’t get access to my corporation’s data.
Unfortunately, with modern computing power, even fairly basic hardware can attempt thousands of passwords a second. What this means is that a hacker with limited resources and a high-spec PC could crack many complicated passwords in days and common ones in seconds. In fact, by trying a long list of likely or commonly used words, reversed words and common character substitutions, passwords along the lines of “Password1”, “Chris2020”, or even “12345Mond@y!” are likely to be cracked instantly and should be considered already compromised.
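The check below is an added example, not part of the original article: it shows how a password policy can reject passwords built from a common word with digits added, characters substituted or letters reversed, which is why the three passwords above offer so little protection. The word list, the substitution table and the 12-character minimum are assumptions made for the illustration.

```python
import re

# Constructed sample deny list; a real deployment would load a large list of
# common and breached passwords, names and dictionary words.
COMMON_WORDS = {"password", "chris", "monday", "welcome", "qwerty"}

# Common character substitutions mapped back to letters (assumed, not exhaustive).
DELEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                        "3": "e", "$": "s", "5": "s", "7": "t"})

_AFFIX = re.compile(r"^[^a-z]+|[^a-z]+$")


def _strip_affixes(text):
    """Drop digits and symbols added before or after the core word."""
    return _AFFIX.sub("", text)


def guessable_base(password, words=COMMON_WORDS):
    """Return the deny-listed word the password is built on, or None."""
    lowered = password.lower()
    candidates = {
        _strip_affixes(lowered),                    # Password1 -> password
        _strip_affixes(lowered).translate(DELEET),  # 12345Mond@y! -> monday
        _strip_affixes(lowered.translate(DELEET)),  # leading substitution, e.g. @...
    }
    for candidate in candidates:
        # Test the word as written and reversed.
        for form in (candidate, candidate[::-1]):
            if form in words:
                return form
    return None


def accept_password(password, min_length=12):
    """Policy check: long enough (assumed minimum) and not derived from a deny-listed word."""
    return len(password) >= min_length and guessable_base(password) is None


if __name__ == "__main__":
    for pw in ("Password1", "Chris2020", "12345Mond@y!", "drowssaP9", "vT9#qLm2xR&w"):
        print(f"{pw!r}: base={guessable_base(pw)!r} accepted={accept_password(pw)}")
```

Note that “12345Mond@y!” meets a typical length and character-class rule and is still rejected, because the check looks at what the password is derived from rather than how it is decorated.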
Because of this, cybercrime, or “hacking”, has become big business, and it is very common. In the US an internet-connected PC will receive some form of cyber-attack every 39 seconds. That is more than 2200 attempts to gain unauthorised access every day! Online entities with any code knowledge, a high-speed connection and some funding for equipment hide behind VPN connections and target businesses matching selected criteria, which could be anything from “likely to be using weak passwords” to “responsible for a certain type of data”. It is so common and easy now that you can actually download apps which perform complex scans and attacks, so even criminals with little knowledge can perform damaging attacks upon businesses. Cyber security experts today will advise you that your business is at risk if passwords are your only protection, because passwords strong enough to keep intruders out are too cumbersome for users to manage.
For your business to become, and remain, secure, you should implement Multi-Factor Authentication (MFA) along with a robust password policy. With MFA, your user accounts are protected by more than just passwords. To log in you require the password and also a second or even third authentication method. Additional login methods can include biometrics such as a fingerprint or face recognition on your iPhone, authenticator applications or code generators, and even physical “keys” with a unique identity which you keep on your person. By combining your password with another method of authentication, you make it much more complicated for hackers to gain entry into your systems.
Chamonix’s Managed Services team works with our customers to implement and maintain secured environments. Multi-Factor Authentication is a key part of any security strategy and is included within the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model. Chamonix is equipped to provide advice on what options are available and to assist in the implementation of cyber security measures such as Multi-Factor Authentication.
Each organisation is different, and it’s important to assess each individual organisation’s data and usage to determine which password policy should be applied and how Multi-Factor Authentication (MFA) fits within the cyber security controls for that organisation. Conditional access policies can be used to determine when a user needs to enter a second authentication method. For example, a user in the office may only require a password, but when accessing systems remotely they may be required to enter an authentication code. This level of security will ensure that the business’s valuable work is not susceptible to external havoc.