With increased threats of hacking and social engineering, passwords alone no longer suffice for account security. Many businesses have tried to combat growing security concerns surrounding passwords by enforcing strict guidelines that require users not only to include upper and lower case letters, numbers, and symbols in their passwords, but also to change them frequently. Unfortunately, such policies lead to password abuse such as password sequencing (Myp@ssw0rd, Myp@ssw0rd1, Myp@ssw0rd2), and lend themselves to reducing security.
Security breaches through password theft and social engineering continues to rise, increasing by 300% since 2012. Much of this is due to poor practices in regards to password security, according to Security Affairs. For example:
- 60% of people use the same password across multiple sites.
- 40% of people write their passwords down in order to better remember them.
- 63% of smartphone users do not use password protection on their device.
- 32% of smartphone users save their login information to their device.
- 72% of password theft victims do not know the source of the crime.
Social engineering and phishing attacks are also rising 26% per month. These methods of hacking account for about 39% of all cyber-crime. Social engineers need no knowledge of encryption or password cracking; instead they trick users into revealing their passwords through four key ways:
- Phishing: posing as a trusted entity to garner information through email.
- Hoaxes: someone appears to be in dire need of help and promises to reward the user handsomely if the user hands over bank account information.
- Shoulder surfing: looking over someone’s shoulder to steal passwords, PINs, or credit card information.
- Tailgating: physically following someone into a restricted or limited access area.
According to the Anti-Phishing Working Group, there were over 110,000 hijacked domains throughout 2013 as a result of 74,000 unique phishing campaigns. Brute force guessing is also used since so much information about users is already public knowledge via social media profiles because 26% of Americans are sharing more information on social networks than a couple years ago. Because of this, more than 600,000 Facebook accounts are compromised daily due to password theft, while 1 in 10 social network users have admitted to falling victim to a phishing scam. This may be because 25% of users do not even bother with privacy settings.
With all these facts compounded, it is clear that simple passwords and writing down complicated passwords are the surest ways to get personal information stolen. An ideal means to combat password compromising tactics is to implement multi-factor authentication, which is exactly what SingleHop has done for the LEAP platform.
Multi-factor authentication is a great way to protect businesses as it makes social engineering or password leaking more challenging. The process involves stages of identity verification if an entity is attempting to access the LEAP platform. In LEAP’s case, we use two factors; the user’s main login password and a second identification step through Authy for verification.
Because of Authy’s easy and quick integration, SingleHop was able to make this new security enhancement a reality. Some websites, such as Gmail and PayPal, use a text message or email code as the second authentication step, but Authy is a mobile application that provides time-based, one-time password algorithm. SingleHop chose Authy because it is built for large-scale applications with the end-user in mind. It’s a simple system with all the benefits of strong authentication. Authy is also widely available in iOS and Android systems, or if a user doesn’t have a smartphone, Authy can send SMS messages to determine the multi-factor authentication.
Special thanks to “Ben N.,” who submitted the idea for using multi-factor authentication in SingleHop’s LEAP platform at Ideas.SingleHop.com. The Ideas portal is a great way for customers to suggest features and upgrades to the platform. Here’s how it works
- Go to Ideas.SingleHop.com and submit an idea.
- SingleHop employees and other customers can vote on the idea.
- Once an idea has full support of the community it moves to development and is transformed from idea to finished feature.
It’s really that easy! As an example, multi-factor authentication took only two months to implement from an idea once the community had voted on it.
To take advantage of SingleHop’s multi-factor authentication, log in to the LEAP platform and click enable under Account Setting. It’s free and available now. The multi-factor authentication adds a very strong barrier to the account, making it very difficult for unauthorized persons or entities to access accounts or personal information. Also there’s a greater possibility that a hacker or social engineer will be detected when attempting to get through the second layer of protection.
Through SingleHop’s new multi-factor authentication for the LEAP platform, users can have peace of mind knowing their data and account information has superior security to protect them from outside threats.