Users often find passwords annoying, even though they can cause security gaps if used carelessly. A Google study has shown that not even 10 percent of users switch to the more secure variant of multi-factor authentication (MFA) because it seems too complex to them - and that after their account has already been hacked.
In fact, any method of authentication is a balancing act between ease of use, security, and practicality. A solution that is supposed to replace passwords must be equally effective in all three points and better in at least one of them. One possible solution is invisible multifactor authentication (iMFA). In contrast to today's MFA solutions, which usually rely on a password combined with an SMS, a one-time password via email or a physical token, iMFA works with factors that are invisible to the user. However, this method is not yet ready for practical use.
Save time with encryption
However, there are alternative solutions for companies. You should slow down the attackers by robbing them of their most valuable resource: time. A good first step is to make the credentials from bulk hacking harder to read. To do this, companies need to update their password security procedures. Where passwords are hashed with MD5, they should upgrade to a more secure solution like bcrypt. Then an attacker who hacked into a database would have to spend a lot of time decrypting the compromised log-in data - before he could even start an attack.
Outsmart attackers through behavioral patterns
Another possibility is to force attackers to develop a separate attack for each target. Many criminals target companies that can be attacked with the same software, in other words, targets with similar infrastructure. However, since the attackers repeat behavior patterns in many companies within a very short period of time, they can quickly collect enough data to detect the attack. However, this only works if companies and security providers share this information.
It is impossible to immediately detect 100 percent of the attacks 100 percent of the time. It is possible, however, to make the attacks so costly that most cybercriminals quickly give up and look for easier targets.
More at F5.com
Via F5 Networks F5 (NASDAQ: FFIV) gives the world's largest companies, service providers, government agencies and consumer brands the freedom to deliver any app securely, anywhere, with confidence. F5 offers cloud and security solutions that enable companies to use the infrastructure they choose without compromising speed and control. Please visit f5.com for more information. You can also visit us on LinkedIn and Facebook for more information about F5, its partners and technologies.
Matching articles on the topic