Ensuring the security of our data and its accessibility is crucial to prevent cyber fraud. Adopting the ‘least privilege access’ principle is essential. This approach ensures that only individuals who require specific data within an organization can access it. The primary reason for this strategy is that, should a password be compromised and cybercriminals infiltrate a user’s computer or account within your organization, they would be limited to accessing only a fraction of the data the organisation possesses.
Alongside the least privilege access principle, having a robust password policy is vital. Common questions we encounter include:
How lengthy should the password be?
What complexity is adequate?
While there isn’t a single definitive answer, various professional organisations and guidelines suggest passwords ranging from a minimum of 8 characters to as many as 14 characters. However, they often allow users to set passwords of up to 64 characters.
At Matrix Internet we believe a minimum of 10 characters should be used for a password, with 12 characters recommended ideally. A 12-character password takes 62 trillion times longer to crack than a six-character password! (Read this Scientific American article to explore The Mathematics of (Hacking) Passwords) These passwords must contain at least:
Multi-factor authentication (MFA) is commonly referred to as 2-Factor Authentication. It involves using an app on your phone that generates a regularly updated code. To log into a system, you’d need to input your username, a secure password, and the current code from your device.
On-device authenticators play a crucial role in ensuring data security. However, as pointed out earlier, this falls under MFA, which can encompass:
Incorporating this level of security significantly raises the barriers for attackers trying to infiltrate your systems. Not only would they have to decipher or pilfer the password, but they would also need access to your mobile device, email, etc., on top of possessing the username and password.
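As an added example (not code from Matrix Internet), here is how a server can check the regularly updated code described above, assuming the authenticator app implements TOTP as specified in RFC 6238, a standard this article does not name. The secret and timestamps are the RFC's published test values, and `verify_login` with its parameters is a hypothetical name chosen for illustration.

```python
import hashlib
import hmac
import struct

# Test secret published in RFC 6238 Appendix B (never use it in production).
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) keyed on the number of elapsed time steps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(password_ok: bool, secret: bytes, submitted: str,
                 unix_time: int, last_used_step: int = -1,
                 window: int = 1, step: int = 30):
    """Return the matched time step, or None if the login must be refused.

    Both factors are required: a correct password alone is not enough.
    `window` tolerates clock drift of +/- that many steps, and
    `last_used_step` blocks replay of a code that was already accepted.
    """
    if not password_ok:
        return None
    current = unix_time // step
    matched = None
    for candidate in range(current - window, current + window + 1):
        if candidate < 0:
            continue
        expected = totp(secret, candidate * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and candidate > last_used_step:
            matched = candidate
    return matched


if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, 59)
    print("code at t=59:", code)
    print("accepted at t=89 (one step of drift):",
          verify_login(True, RFC_TEST_SECRET, code, 89))
    print("accepted at t=119 (expired):",
          verify_login(True, RFC_TEST_SECRET, code, 119))
```

The caller should store the returned step as `last_used_step` for that account, so the same code cannot be accepted twice within its validity window.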
At Matrix, we believe that while having robust passwords is undeniably essential, pairing them with multi-factor authentication is not just beneficial, but necessary. Taking this step can greatly bolster your security. Given the increasing amount of data stored in the cloud and the fact that certain organizations maintain web servers containing sensitive information, it’s imperative to extend your password policy and MFA to these servers. That said, we contend that these servers require further protective measures. For a conversation about these supplementary safeguards, get in touch with our team!
By Brian Power
By Aoife O'Driscoll