
BizReport : Internet : February 19, 2016

Brands: How to approach security in 2016

From thumbprint access to mobile devices to bio-retinal password protection, the security space is changing quickly. One expert weighs in on just what brands need to be aware of, from a security perspective, in 2016.

by Kristina Knight

Kristina: We've been hearing a lot about new kinds of passwords, from bio-retinal scans to Apple's upgraded thumbprint to access phones. Do you think traditional passwords are beginning to phase out?

Bill Carey, VP of Marketing, Roboform: Each time a technology company comes out with a new biometric security option, they declare that passwords are dead. And yet, somehow, passwords are still with us, and they're not going away anytime soon. There's a reason passwords remain the first line of defense against data breaches: They are convenient, inexpensive compared to available alternatives, and can be changed when needed.

Instead of trying to put an end to passwords, I think it would be better to talk about using both passwords and a second or third authentication factor. Multifactor authentication is a great solution. This approach uses more than one type of security, including authentication factors that typically comprise a hardware or software token, a password or security question and a biometric component where practical. Multifactor authentication significantly strengthens security without insisting that users abandon security practices that they are comfortable using.

Kristina: What is the key for passwords to actually protect customer data and information?

Bill: Using strong and unique passwords for each website is the number one thing a user can do to protect themselves online. Passwords that include both upper and lowercase letters as well as numbers and symbols withstand hacker attacks better than simple passwords. And it goes without saying that the longer the password the better.

Kristina: How often should a consumer change a password?

Bill: It's generally recommended that users change their passwords every 30-60 days. That said, it also depends on the sensitivity of the data on the website. I'd recommend changing passwords more often for bank and financial websites, but changing passwords often on non-sensitive sites like news aggregation sites is probably overkill.

Kristina: What about businesses - many have mandatory password changes every 6 months. Is that enough?

Bill: It depends on the sensitivity of the data that the employees are working with. When employees access sensitive data, it's recommended that they change passwords often, whereas passwords for non-sensitive information can be changed less frequently.


Tags: business security, online security, password security, Roboform
