Why Identification and Authentication Matter, Part 2

Posted: June 19, 2012 in 2 Factor Authentication, IT policy, Rethink Remote Access

By Joe Schembri 

Last week, I provided a quick summary of identification and authentication. Continuing with this, today I’ll dive into why these factors are so critical for remote access solutions.

Why Identification and Authentication Are Important to Secure Remote Access Connections

With remote access, users are outside LAN administrative control, which exposes the internal network to increased security risks and makes it more vulnerable to breaches. Because remote access depends mainly on the public Internet, identification and authentication are critical: verifying every user who attempts to access secured data is how internal networks are properly secured against threats such as unauthorized access.

Strengthening Security with User ID/Password Combinations

Although user ID/password combinations aren’t the strongest type of identification and authentication, they are the most common. If a company must use this as a security strategy, here are a few tips to improve security:

  • Limit the number of allowed login attempts before locking the user out of the system.
  • Enforce strong passwords, requiring at least eight characters with a combination of letters, numbers, and special characters. Remember, longer passwords take more time to crack, so the more characters the better.
  • Require users to change their passwords periodically: 90 days may suffice for regular users, but administrators should change theirs more frequently, such as every 30 days.
  • Prohibit the use of names and words found in a dictionary as passwords.
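
The four tips above written as enforceable checks. This is an added example, not code from the original post; the lockout limit of five attempts, the sample word list, and all function and class names are assumptions, since the post specifies none of them.

```python
import re
from datetime import timedelta

MIN_LENGTH = 8                             # from the post: at least eight characters
MAX_AGE_DAYS = {"user": 90, "admin": 30}   # from the post: rotation periods
MAX_FAILED_ATTEMPTS = 5                    # assumption: the post gives no number

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer"}


def password_violations(password, user_names=(), words=SAMPLE_WORDS):
    """Return the list of policy rules the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Strip digits and symbols so "Summer2012!" is still caught as "summer".
    core = re.sub(r"[^a-z]", "", password.lower())
    banned = set(words) | {n.lower() for n in user_names}
    if core in banned:
        problems.append("dictionary word or name")
    return problems


def password_expired(last_changed, role, today):
    """True when the password is older than the role's maximum age."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS[role])


class LoginThrottle:
    """Counts consecutive failures per user and locks the account at the limit."""
    def __init__(self, limit=MAX_FAILED_ATTEMPTS):
        self.limit = limit
        self.failures = {}

    def is_locked(self, user):
        return self.failures.get(user, 0) >= self.limit

    def record(self, user, success):
        if self.is_locked(user):
            return False   # stays locked, even with the right password, until reset
        self.failures[user] = 0 if success else self.failures.get(user, 0) + 1
        return success
```

Note that "Summer2012!" satisfies the length and character-class rules and is rejected only by the dictionary check, which is why the list includes that rule separately.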

Ease of Use Promotes Compliance

Remote connectivity has been around for some time now because it can provide a host of benefits for our increasingly mobile workforce. However, companies should always make sure to provide adequate security to protect data and systems. In addition, every effort should be made to make security provisions as easy to use and maintain as possible, since users tend to circumvent measures that are too burdensome or difficult.

Joe Schembri has over 10 years of IT and IT security experience and currently works with Villanova University’s online cyber security training programs, including the CISSP training prep program. 
