After a big data breach year like 2014, enterprises and individuals are still on edge about having personal and customer information at risk for attack. Authentication is an important factor to consider when staying safe online. Namely, do the websites you visit frequently enable the right authentication checks to ensure you are who you say you are?
Passwords alone may have been a dependable means of authentication more than 10 years ago. But now almost any information can be found online and used maliciously. A motivated attacker can find out a lot about an individual by doing a Google search, checking Facebook, or looking through public records. A professional hacker has even more resources and more knowledge about how to get the required information to crack a password or to crack your security questions. While security questions serve a useful purpose, they don’t contribute as an official second form of authentication.
Passwords are a basic protection for an individual, yet “123456” still holds the top spot on Worst Passwords lists. This is just one of the reasons why many companies and services are opting for two-factor authentication.
Two-factor authentication consists of something a user knows (a password) combined with something the user has such as a security token, client certificate, or one-time password. Since there are big companies that still do not use two-factor authentication, this leaves a user vulnerable to data breach if a hacker were to gain access to his/her password because most Internet users reuse passwords.
A multi-factor authentication approach wards off intruders by requiring the user to complete many stages of authentication. The user must know something (password), possess something (security token), or verify who they are (biometric information, such as a finger print) to be granted access. In one study, SafeNet found that cost is the biggest inhibitor to authentication adoption. At the same time, employee usage of multi-factor authentication is supposed to double between 2013 and the end of 2015.
When referring to identifying an individual online, two-factor or multi-factor authentication is often the right approach. But when talking about identifying an organization online, a different authentication process should be used: digital certificates, specifically EV SSL Certificates. These certificates come from a trusted third-party and require a variety of verification checks before the certificate is issued. You could say the process is a type of authentication vetting, and in addition to other checks, the organization must prove they are who they say they are in order to gain a green padlock symbol in the address bar.
Authentication improves—and can save—a company’s reputation beyond the online space. Studies have shown that users are more likely to trust a website that uses an Extended Validation Certificate with private information. Data breaches are going to continue to be an issue for enterprises that put security practices on the backburner. Enabling multi-factor authentication and using EV SSL Certificates is a best-practice approach to protecting your company.