Passwords Are a Pain
Let’s face it, even with all the hints I have provided covering creating, managing, and storing passwords, it is still a painful process. Passwords can be stolen from you and used without your knowledge. They can also be captured as part of a website or company breach and made public, available for threat actors to use to compromise the sites you visit. Fortunately, the future will likely be passwordless.
What Does “Passwordless” Mean?
A passwordless login removes the need to provide a password, whether it’s one you need to remember or keep in a password manager. You may still need to remember an identifier like a username or an email address. Still, you’ll prove your identity through some other ways.
Now, there are only limited implementations of passwordless services. The end goal of many of the large technology providers is to remove passwords altogether, making it so you can’t log in with a password. Recently, companies like Google, Microsoft and Apple all agreed on a new standard of passwordless logins.
Some companies, such as Microsoft, already provide passwordless logins for their cloud services, such as Office 365 and Azure. They offer a simplified login process for their Windows computers using Windows Hello, making it possible to log in with your face, a pin or a physical key. Apple devices also provide some of the same methods.
What Can I Do To Go Passwordless Now?
One of the most significant benefits of going passwordless is simplicity. While most people have adjusted to using password managers, there are still passwords (like master passwords) that need to be kept in your head.
By going passwordless, you can verify your identity without remembering anything. You may need to authenticate with a mobile app or scan your face or fingerprint, and that’s it.
Use Windows Hello, FaceID and fingerprint readers to log in instead of passwords.
When using your password manager, enable the fingerprint authentication option instead of needing a master password.
Buy and use a Yubi Key
Another secure method is a physical security key. Offered by Google, Yubico, and other vendors, these keys connect to your PC via a USB port, Bluetooth, or NFC and require authentication through a PIN or fingerprint scan. The downside is that you must spend money to buy one of these and must keep the key with you.
I use Yubikeys to protect my most valuable accounts, such as my primary email address, Windows and Microsoft logins and password manager. While you will need to remember a pin for the Yubikey, the pin can’t be stolen or captured, and a threat actor would need to steal the key from you, know what sites you use with the key and then type the correct pin.
Enable Passwordless as Soon As It Is Available
Some services like Microsoft 365/Office 365, Azure and any service linked to a Microsoft account, such Xbox can go passwordless. It will require you to install the Microsoft authenticator app on your mobile phone, but once set up, all you will need to do to log into any Microsoft service is type your email address and the service will send your mobile a prompt.
In my first post on passwords, I talked about developing a password strategy that looks something like this:
If you have followed the series, you should now understand the steps to getting control of your passwords and improving your password management. You shouldn’t expect to get your passwords perfect overnight. I have followed most steps above for a few years and still have passwords I could improve.
The key is to focus on the most critical sites and services, where you are most vulnerable to attack, and on those sites or systems where the impact would be the greatest.
That’s the end of our posts for this year. We will return with some new security awareness topics in the new year.
If you are worried about the security of your pharmacy systems and want to know how you can implement strong security in your pharmacy and protect yourself from ransomware, speak to your Corum Customer Success Manager or contact us on 1300 669 865.