How to convince your staff that MFA is good for them


Let’s face it. Passwords are a downright pain in the neck. They’re hard to remember, easy to steal, and offer a relatively poor level of cybersecurity. This is concerning when you consider that 80 per cent of cyberattacks leverage stolen or weak passwords.

As well as often being insecure, passwords are also frustrating to use. Many organisations force their employees to change passwords regularly, increasing feelings of frustration. Faced with this, it’s common for people to change just one character or add a number at the end.

Another weakness occurs because some people use the same passwords at work as they do at home. Having the same password for Netflix as you do for your corporate CRM system is far from ideal because, if the personal password is stolen, it could be used to access corporate systems.

Security and productivity

The challenge for organisations is to overcome the limitations of passwords while not having a detrimental impact on staff productivity. One of the most effective approaches is the introduction of multi-factor authentication (MFA).

MFA involves the use of a range of elements such as something an individual knows (a password or phrase), something they have (a hardware token or mobile device) and something they are (a fingerprint or face). These elements are then combined in different ways depending on the organisation’s security requirements and acceptance by users.

Successful adoption of MFA will require good communication with users. It will need to be ‘sold’ as something that will make their daily lives easier while also improving their level of cybersecurity.

IT teams should explain that one of the key benefits of MFA is that it will allow the introduction of single sign-on (SSO) capabilities. This means users will be able to sign in just once and then have access to all the applications and data sources they require to get work done.

Rather than having to remember and manage multiple passwords, a single password combined with MFA and SSO will give them secure access to the resources they require.

Users who might be wary of additional complexity can be reassured by being told they won’t have to carry a separate device or punch in long codes as part of the process. If push notifications are used, all they will need to do is touch the screen of their smartphone.

Deploying MFA

Effective deployment of an MFA and SSO infrastructure requires a four-step process. These steps are:

  1. Plan: First, determine which corporate applications will be covered by the new capability. Check for those that offer Security Assertion Markup Language (SAML) support, as this will help to establish a trusted relationship between the application and the organisation’s identity provider.
  2. Deploy: Formulate a deployment plan and decide whether the new infrastructure will be rolled out across your organisation or in stages. At the same time, conduct an MFA / SSO education campaign for users to let them know the changes that will occur.
  3. Monitor: Once the new infrastructure is in place, carefully monitor its usage and identify any challenges that users might face. Listening to feedback is important to ensure the new capabilities are adding as much value as possible to the organisation.
  4. Adjust: Use feedback received from users to adjust the infrastructure as required. Also, look to add further applications to extend usage even further.
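One way to act on the SAML check in the Plan step, as an added example that is not from the article or from any vendor's tooling: read an application's published service-provider (SP) metadata, list what the identity provider administrator has to register, and flag anything that should be fixed before the IdP is allowed to trust it. The hostname crm.example.com, the metadata document and the certificate value are all constructed for illustration.

```python
"""Plan-step helper: parse an application's SAML 2.0 SP metadata and report
what the IdP needs to trust it. Added example; the metadata is constructed."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed SP metadata for a hypothetical crm.example.com application.
SP_METADATA = """<md:EntityDescriptor entityID="https://crm.example.com/saml/metadata"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...PLACEHOLDER-CERT...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://crm.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def describe_sp(metadata_xml):
    """Return the fields an IdP administrator registers for a new SP."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not SP metadata: no SPSSODescriptor element")
    acs = [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    certs = [k.findtext(".//ds:X509Certificate", namespaces=NS)
             for k in sp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    return {"entity_id": root.get("entityID"),
            "acs_endpoints": acs,
            "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
            "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
            "signing_certs": sum(1 for c in certs if c and c.strip())}

def readiness_findings(info):
    """Issues to resolve before the IdP is configured to issue assertions to this SP."""
    findings = []
    if not info["want_assertions_signed"]:
        findings.append("SP does not require signed assertions")
    if info["authn_requests_signed"] and info["signing_certs"] == 0:
        findings.append("SP signs requests but publishes no signing certificate")
    for binding, url in info["acs_endpoints"]:
        if not (url or "").startswith("https://"):
            findings.append(f"ACS {url} is not served over HTTPS")
    return findings
```

Running the same two functions over each candidate application's metadata gives the Plan step an inventory of which apps are SSO-ready and which need changes from the vendor first.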

The combination of MFA and SSO has the potential to simplify life for users while also improving cybersecurity levels across your organisation. The days of grappling with multiple, insecure passwords will become a distant memory.

Mark Sinclair, ANZ Regional Director, WatchGuard Technologies