Passwords: good practices to follow

Although they are regularly criticized, passwords are still the most widespread means of authentication. Even if the passwordless approach is gaining ground and tends to limit their use, they will remain, in many cases, the only means of authentication. To overcome the weaknesses of passwords, several good practices must therefore be implemented to strengthen access security.

Secure your passwords in 4 steps

When it comes to passwords, you probably already know the most common best practices. However, not all of them are applied in practice:

  • Change default passwords: This rule does not apply to every application, since many require the user to choose a new password when creating the account. However, some services or applications ship with a generic default password that is identical for all newly created accounts, so the only differentiating element is the login. If you do not change that password, anyone who is also a client of the service / application (and who therefore knows the default password) can potentially access your account as soon as they know you are a client of the same service.
  • Create a complex password: The goal is a password that is impossible to guess and tedious to crack. Personal information must not be used, because it is easily found on social networks. Passwords must also contain enough characters to resist brute-force attacks and, at the same time, include numbers and special characters and not correspond to a common name, in order to resist dictionary attacks.
  • Differentiate passwords: Although reusing passwords is tempting for practical reasons, any password exposed on the Internet is compromised and can no longer be used without risking an account takeover attempt on every account reachable with that same password. The only effective protection against this risk is a unique password for each application / service.
  • Hide your passwords: Passwords must not be shared or written down on documents, so that they remain secret and known only to you. This becomes difficult, however, once you have many passwords that follow the practices above (complex and distinct passwords for each service / application). In that case, a password vault lets you manage this multitude of complex passwords without compromising security.
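As an added illustration of the "Create a complex password" rule (example code written for this page, not the article's or Systancia's own): a small checker that applies each criterion above, plus a rough brute-force resistance estimate. The minimum length of 12, the common-word list and the personal-information list are constructed assumptions; the article gives no figures.

```python
import math
import string

# Constructed sample data (assumptions for this example, not from the article).
COMMON_WORDS = {"password", "welcome", "admin", "qwerty", "letmein", "dupont"}
# Items an attacker could read off a public social-network profile (constructed).
PERSONAL_INFO = ("jean", "dupont", "1985", "paris")
MIN_LENGTH = 12  # assumed policy threshold; the article states no number


def estimated_bits(password: str) -> float:
    """Rough brute-force resistance: log2 of the keyspace implied by the
    character classes actually used, times the length."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password: str, personal_info=PERSONAL_INFO) -> list[str]:
    """Return the list of rules the password violates; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Dictionary check: strip leading/trailing digits and punctuation so that
    # a common word padded like "Password1!" is still caught.
    core = lowered.strip(string.digits + string.punctuation)
    if core in COMMON_WORDS or lowered in COMMON_WORDS:
        problems.append("matches a common word or name")
    hits = [item for item in personal_info if len(item) >= 4 and item.lower() in lowered]
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for candidate in ("Password1!", "JeanDupont1985!", "v7!Kq#2pLm9&zR"):
        print(candidate, round(estimated_bits(candidate), 1), check_password(candidate))
```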

Upgrade your authentication methods

Once these best practices are in place, the next challenge is to combine passwords with other authentication methods to further raise the level of access security. The first thing to do is to check whether the application being accessed supports stronger authentication. One option is OTP (One Time Password) authentication, which is available and compatible with Systancia Workroom Session Service and Systancia Cleanroom Session Service. This increases the level of trust in the identity of the employees from which access permissions are derived, thereby reducing the risk of data leakage without complicating the user experience.

Systancia Cleanroom Session Service goes further in terms of access security, since it integrates a continuous authentication feature. Using behavioral biometrics (based, for example, on the way a person moves the mouse or types on the keyboard), it verifies that the user who logged in with their credentials remains the same person throughout the session.

Beyond these two examples, there are many other ways to strengthen authentication. But passwords, which are often the only means of authentication available for a certain number of services or applications, must follow the good practices set out above to guarantee a satisfactory level of access security.