We all depend on secure computer network communications. From personal banking, travel, healthcare and communications activities, to national security and global financial systems, we are constantly at risk for harm by cyber attacks. Depending on the type of attack and information accessed by criminals, the results can potentially be devastating.
Cybersecurity professionals use supplemental passwords to help prevent cyber attacks and protect sensitive data.
Why Passwords are Insufficient
Passwords are a great basic level of protection for securing data. But passwords are easily unlocked by cyber criminals, and are not sufficient for fighting today’s cyber attacks. People often use passwords that are easy to guess, such as a name or common words found in the dictionary, rather than using combinations of numbers, letters and special characters. Some technology users even share their passwords with others.
Computer software used by hackers can effectively crack short passwords or passwords made of common names and words. Without supplemental safeguards, attackers can easily access sensitive information, such as Social Security numbers or medical records, and exploit it for malicious purposes. Supplementing passwords can serve to deter these efforts.
Additional Levels of Security
Extra security means making it more difficult for cyber criminals to access data. These additional forms of verification are often used to supplement passwords:
- Two-Factor Authentication: With this form of verification, an additional piece of information is required. Just as when two forms of ID are required to cash a check or when two keys are needed to open a safe deposit box, two-factor authentication stops hackers from gaining access to data by simply guessing a password. Often, the second form of verification is a one-use code, which offers an additional level of security. This mechanism is often used by corporations and remote access services.
- Personal Web Certificates: Similar to certificates used to verify websites, personal web certificates are used to identify users. Along with the verification process, a website can utilize personal web certificates, along with public and private keys to authenticate users before granting access.
- Biometrics: Biometrics-based security uses a physical attribute, such as a fingerprint or retina scan, to verify identity. It is most often used to keep hardware, such as mobile devices and laptops, secure.
Recovering Lost Passwords and Certificates
Because they are required for accessing websites, mobile devices, internal systems and laptops, it’s not uncommon for people to forget their passwords. In addition, hard drives can fail or require reformatting, rendering personal web certificates invalid. In such cases, many systems can issue new passwords, once a person’s identity is verified.
The most common way to authenticate a user is through a series of secret questions, which are chosen when an account is created. When a password is being reset, the system asks the secret questions and the user must provide answers that match those on file. However, because so much personal information is shared online, hackers may be able to provide answers to basic questions like “What is your father’s middle name?” or “In what city were you born?” One way to fool cyber criminals is to set up accounts with false answers to these questions. To keep from forgetting the answers, keep them in a safe place until they are needed.
Password Supplementation Provides an Extra Layer of Cybersecurity
When sensitive information falls into the wrong hands, it can become expensive, inconvenient and even dangerous. Cybersecurity professionals know that supplementing passwords can help prevent the financial, economic and personal harm that cyber criminals cause when they hack into networks or individual devices. At a time when cyber crime is on the rise and everyone is at higher risk, cybersecurity training provides in-demand skills that can help keep vital networks secure.