Technology changes at a very fast pace. Users struggle to keep up, but hackers seem to always find the vulnerability in the system to cause havoc on the network. One of the most common vulnerabilities are passwords and how easy it is to crack them to gain access to network resources. The days of creating a password without restrictions on length or complexity are over. The National Institute for Standards and Technology has proposed the standard for passwords and their complexity.
SP 800-63-3 recommends generally that password policies should be made more user friendly. It suggests, for instance, that applications allow all ASCII and UNICODE characters and eliminate complex “composition” rules (i.e. no more of the “you must use one capital letter, one special character, one Fibonacci number…).
CloudTech Advisory’s Take: Users are not very good at creating strong passwords. Without multi-factor authentication a password should have a larger minimum password length. The word password should be changed to passphrase. A passphrase would take the place of the password and become extremely harder to crack. An example passphrase would be: the lazy brown fox jumped over the river.
SP 800-63-3 recommends that administrators utilize multi-factor authentication whenever possible though notably, NIST wants to phase out use of SMS as a second factor in light of recent reports of SMS vulnerabilities.
CloudTech Advisory Take. Multi-Factor Authentication is the next generation of securing access for users. When you mix a strong password or passphrase with this technology the possibility of compromising a user account become virtually impossible.
Multi-Factor Authentication can be used to authenticate many different types of applications. Some examples would be remote desktop, Office 365, published applications, website access, etc..
The typical cost is between $3 & $6 per user on a monthly basis. Cost depends on the features that you would need.
Cloud Technologies recommends that you move all your external access users to multi-factor authentication. Security is a top priority and your data is your greatest asset!
For more information on multi-factor authentication or backup and disaster recovery call Cloud Technologies at (205) 484-2400 or email [email protected]