By Joe Schembri
Last week, I provided a quick summary of identification and authentication. Continuing with this, today I’ll dive into why these factors are so critical for remote access solutions.
Why Identification and Authentication Are Important to Secure Remote Access Connections
With remote access, users are not under LAN administrative control, which exposes the network to increased security risks. By providing remote access, the internal network can be more vulnerable to security breaches. Since remote access is mainly dependent on the public Internet, identification and authentication are critical to properly secure internal networks against threats such as unauthorized access by verifying all users who attempt to access secured data.
Strengthening Security with User ID/Password Combinations
Although user ID/password combinations aren’t the strongest type of identification and authentication, they are the most common. If a company must use this as a security strategy, here are a few tips to improve security:
- Limit the number of allowed login attempts before locking the user out of the system.
- Enforce strong passwords, requiring at least eight characters with a combination of letters, numbers, and special characters. Remember, longer passwords take more time to crack so the more characters the better.
- Require users to change their password periodically — 90 days may suffice for regular users but administrators should be more frequent such as 30 days.
- Prohibit the use of names and words found in a dictionary as passwords.
Ease of Use Promotes Compliance
Allowing users to connect remotely has been around for some time now because it can provide a host of benefits in our increasingly mobile workforce. However, companies should always make sure to provide adequate security to protect data and systems. In addition, every effort should be made to make security provisions as easy to use and maintain as possible since users tend to circumvent measures that are too burdensome or difficult.