By Alma Pranoto

How simple is your password?

Our need for simplicity and often by utilising the same password for multiple accesses becomes one of our biggest cybersecurity vulnerabilities. Accessing your devices, emails, and accounts can be a chore especially when having to remember complicated and irrelevant passwords. But having simple passwords can backfire when it comes to hackers. Reliance on passwords alone leaves companies vulnerable, especially with weak passwords such as; 123456 which topped 2018 as the most commonly used and hacked password.

The increasingly realistic phishing emails and with the media regularly reporting about new leaks, almost all websites demand minimum lengths and character combinations to make passwords more secure. More companies are developing the cybersecurity awareness of their employees with training courses. 

In Singapore, 60% of businesses agree that their cybersecurity practices are outpaced by the rapidly expanding nature of cloud applications. Other inept security practices which allow cybercriminals to compromise your data include a lack of encryption appliance and multi-factor authentication. While data breaches can have a clear impact on a business' bottom line, it is not only the sophisticated cloud technology that has increased this problem but also the elementary security practices of most companies.

 

Advantages of MFA

A way to significantly strengthen your password is to combine it with other factors: multi-factor authentication (MFA). MFA is critical in protecting businesses from identity theft and unauthorised access to company data. MFA usually comprises of three key elements:

  • A password or pin only the user knows
  • Ownership of an item, for example, smart cards
  • And biometry, the voice or optics of the user 

As outlined above, one of the key advantages of MFA is that each layer supplements and accounts for the others' weakness. For example, the password that the user knows may be weak and easily hacked. But with MFA, unless the hacker were to obtain the above three elements, a breach is highly unlikely. MFA strengthens your security and is essential for cybersecurity. 

MFA also leads toward more compliance with international standards to protect the sensitive information of users, customers etc. For example, The General Data Protection Regulation (GDPR) does not specifically require MFA, but various provisions within the Security Rule highlights the need for a stronger authentication process. This process is none other than MFA.

Indeed, with cybersecurity trending as a top priority for many businesses, especially with the expansion of cloud technology, more and more companies are implementing MFA. Markets And Markets predicted that by 2022, the MFA market is set to reach USD 12.51 Billion. This shows that many organisations believe in the significant role MFA plays and how it is, right now, one of the best security measures you can implement to protect your company, your users, and their sensitive data.

Challenges of MFA

Nevertheless, MFA with smart cards is still not a standard in many companies. This is partly due to the costs for the introduction and daily operation as well as the administrative effort needed to maintain these smart cards. Companies need to discount approximately 10% of smart cards annually for loss, wear or theft. The maintenance is made difficult after the initial few years because the originally purchased smart cards are discontinued or only made available through a corresponding surcharge from the manufacturer.

Those who do not opt for a vendor-independent smart card middleware from the outset, are faced with further follow-up costs or even replacement fees for the complete hardware installation. All these factors can increase the total cost of ownership of physical smart cards and delay the use of MFA at the expense of security. 

 

Drivelock Virtual Smartcards

Identity and Access Management - our "smartcard middleware" and "virtual smartcard" offer.
 
Virtual smart cards (VCSs) imitates the same functionalities as a physical smart card, only they combine software and existing hardware, the Trusted Platform Module (TPM) which exists on many computers, to secure data. This makes VSCs significantly more time and cost-effective. 
 
VSCs work like physical smart card readers with an already inserted card and are recognised as such by the Windows operating system without any additional setup. They are bound to the respective device (e.g. PC or laptop) and are used like a normal smart card for the authentication in various scenarios including: Windows user login, web applications, e-mail signature and encryption, file encryption, VPN dial-up and many more certificate-based applications.
 

Virtual smart cards effectively diminish password vulnerability and strengthens your IT protection. 

Follow the link below to download a whitepaper and learn more about multi-factor authentication with DriveLock Smartcards:

 
Free download