Digital Authentication Best Practice

How can passwords be compromised?

• Brute force attack. This form of attack involves using software to try as many password combinations as possible.
  
  
• Dictionary attack. This involves using software that goes through the dictionary, trying every word until the cybercriminal gains access. Dictionary attacks attempt to bypass the difficulty generated by entropy by skipping lots of guesses that brute force would try.
  
  
• Social engineering and phishing. This is when cybercriminals masquerade as a trusted entity to trick you into willingly providing them with your password and other data. 

What pitfalls can you avoid to stop your password being compromised? 

• Use longer passwords. 8 characters is now the minimum on most services but try to aim for 12 or more characters.
  
  
• Use the maximum range of characters available, including upper and lower case letters and numbers, symbols, and punctuation.
  
  
• Don’t use only dictionary words or common keyboard patterns. Using Password1,  QWERTY or 123456 are some of the first guesses in a dictionary attack.
  
  
• Never reuse your password. The most common way passwords are compromised is from other data breaches. This means that if you have twenty different accounts, you need twenty different passwords.

What techniques can you use to create a better password? 

You can use the Bruce Schneier Method, which involves taking the first letter from every word in a memorable sentence. The sentence ‘My mother always packed my lunches’ could be used as Mmapml - and you could even substitute symbols or numbers for some letters for even higher entropy. 

Alternatively, you can use the passphrase method. It involves connecting multiple words into a long password. For example, 2Elephants3Cafes&4Plates?

Lastly, you can use a password manager. A password manager can generate long and complex passwords for you, with very high entropy. It can then keep track of a unique password for all the different services you use.

What are the improved authentication techniques? 

Limiting login attempts. A service administrator can limit the number of incorrect password attempts that someone can make before being locked out of the system. 

Multi-factor authentication (MFA). Also known as two-factor authentication, this method requires a user to provide two or more authentication factors before they are granted access to a system. 

Single sign-on and Third-party authentication. This uses the security of another identity platform to act as a form of authentication for a user. You might see this used with a corporate network or an external platform such as Google, Facebook, or Twitter.