If your website collects and stores sensitive data such as Personally Identifiable Information (PII), Protected Health Information (PHI) or eCommerce transactions, you will want to add strong user authentication to prevent a data breach. We can help you evaluate several options for two-factor authentication and password management that will provide airtight accountability and protect you from the data breach risks that result from weak user credentials and poor password management.
2FA Gives Identity Theft the Finger
Two-Factor Authentication (2FA) extends user authentication based solely on knowledge of a username and password with a second factor based on possession of a hardware device, such as a smartphone or key fob. These devices are simple to use, touch-activated, very affordable, and extremely secure thanks to the latest advances in cryptography and cloud-based services. You can completely eliminate the risks posed by weak passwords that are easily compromised with social engineering attacks, brute-force attacks, and phishing attacks. Password policies are rendered useless by poor user habits and choices involving passwords; with 2FA in place, however, you can be assured user authentication is unassailable.
Bill Bartlett is a 2FA advocate and seasoned software developer with a career in cryptography, data breach compliance and service-oriented architecture (SOA). He has developed a website that provides links, demos and source code for evaluating several options for providing two-factor user authentication. Bill is available to consult with website providers on risk analysis of existing single-factor user authentication and on the evaluation and implementation of 2FA from among several options.
Many of the data breaches you read about in the news, such as the one at Sony, were the result of weak user credentials that were compromised. If your website collects sensitive data that is accessible by administrative users, you need to take steps to protect yourself. The costs of compliance notifications and damage to your brand resulting from a data breach are a real risk. Why not differentiate your website as one that takes user security seriously? Remember, you can’t buy insurance the day after the fire!