Passwords, codes, biometrics? What are the most secure authentication methods?

Although computer attacks are on the rise, many people still neglect security when they authenticate. According to a recent study conducted for IBM, more than one in eight people say they reuse the same passwords and credentials, and about one in three write their credentials down on a piece of paper.

Securing authentication is nonetheless necessary to keep intruders out. Although no method guarantees zero risk, it is worth knowing which ones are recommended for which uses.

Passwords: good enough for blogs or forums

A password on its own can be acceptable for low-stakes accounts, such as a forum or a blog. Take certain precautions when creating it.

A password should be at least 12 characters long. One good way to build it is to choose a sequence of unrelated words, then mix in uppercase and lowercase letters, digits and special characters. The password must be different for every account, so that a leak at one site does not expose the others. Changing it every three to six months was long recommended; current NIST guidance (SP 800-63B) instead recommends changing a password only when there is reason to believe it has been compromised, because forced rotation pushes users toward weak, predictable variants.

If you cannot memorize your passwords, do not keep them in clear text. The same applies on the server side, especially when authentication takes place against a remote server: a password should never be stored as-is. It should be transformed with a slow, irreversible cryptographic hash function that incorporates a random salt (and, optionally, a secret key kept outside the database), so that a stolen database does not immediately reveal the passwords.
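As an added example (not from the original article), here is how a server can store passwords the way the paragraph above describes, using only Python's standard library: scrypt, a memory-hard hash, with a random per-password salt, plus an optional server-side secret ("pepper") standing in for the key the text mentions. The work-factor values, the record format and the sample password are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

# scrypt work factors (RFC 7914). Illustrative assumptions, not values from the
# article: N=2**14, r=8 costs about 16 MiB per hash; raise N as hardware allows.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES, HASH_BYTES = 16, 32


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _prehash(password: str, pepper: bytes) -> bytes:
    # The pepper is a server-side secret kept outside the database (the "key"
    # the text mentions). With it, a stolen table alone cannot be cracked.
    raw = password.encode("utf-8")
    return hmac.new(pepper, raw, "sha256").digest() if pepper else raw


def hash_password(password: str, pepper: bytes = b"") -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$hash.

    The salt is random per password, so two users with the same password get
    different records and an attacker cannot reuse one precomputed table.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(_prehash(password, pepper), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=HASH_BYTES)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, record: str, pepper: bytes = b"") -> bool:
    """Recompute with the parameters stored in the record and compare in constant time."""
    try:
        algo, n, r, p, salt_b64, digest_b64 = record.split("$")
        if algo != "scrypt":
            return False
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
        candidate = hashlib.scrypt(_prehash(password, pepper), salt=salt,
                                   n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False  # malformed record: treat as a failed login, never as a crash
    # Constant-time comparison: do not leak how many bytes matched through timing.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: what the database row would contain.
    pepper = os.urandom(32)  # in practice loaded from a secret store, never stored with the hashes
    record = hash_password("correct horse battery staple", pepper)
    print(record)
    print(verify_password("correct horse battery staple", record, pepper))  # True
    print(verify_password("Tr0ub4dor&3", record, pepper))                   # False
```

Storing N, r and p inside the record lets you raise the work factor later and re-hash users at their next login without a migration; the pepper must live in configuration or a secrets manager, because a pepper stored next to the hashes protects nothing.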

Pros of long and complex passwords

This style of password is meant to defeat a "brute force" attack, which finds a password by testing a large number of possible combinations in turn. It must also resist a "dictionary attack", which systematically tries every word in a given word list, and "password spraying", which tries the most commonly used passwords against many accounts at once. It is also normally a barrier against offline cracking of hashed passwords extracted from a database by an attacker, since cracking long and complex passwords takes too long to be practical.

Cons

However, these passwords do nothing against other "traditional" attacks such as phishing or malware: a keylogger captures a 30-character password as easily as a 6-character one.

The password manager, increasingly used across platforms

For more security, especially when you have many accounts, it may be worth using a password manager. With one, there is no need to remember different passwords or to manage them across platforms: you only have to remember a single password, the "master password". It is a kind of big key that opens a multitude of small padlocks. To create a strong master password, use the method described above.

You can choose between online managers, which sync sensitive data such as passwords or credit card numbers between your devices, and offline managers, which store passwords only locally.

Pros of the password manager

The password manager is well equipped on the benefits side. The AES-256 standard, also used by governments and the military, performs 14 rounds of substitution, permutation and mixing for a very high level of security. The manager automatically encrypts the passwords and the vault that holds them. A brute force attack on the encryption key itself has practically no chance of success; in practice the weak point is the master password from which that key is derived, which is why it must be long and the key derivation deliberately slow.

The provider also cannot read your passwords. In what vendors call a "zero-knowledge" architecture (a marketing term: it means client-side encryption, not a zero-knowledge proof in the cryptographic sense), the vault is encrypted on your device, with a key derived from the master password, before it leaves. When it arrives on the company's server, the provider holds only ciphertext and has no means of decrypting it.
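An added example of that client-side architecture, written for this page and not taken from any vendor's product: the client derives a key from the master password with scrypt, encrypts the vault, and hands the server a blob it cannot open. Because Python's standard library has no AES, the cipher here is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, a stand-in for the AES-256-GCM a real manager would use; the function names, parameters and the sample vault contents are assumptions.

```python
import hashlib
import hmac
import json
import os
from typing import Optional


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Derive the vault key from the master password with scrypt (memory-hard).

    The master password and this key never leave the client. Work factors are
    illustrative assumptions.
    """
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def _subkeys(vault_key: bytes):
    # Separate keys for encryption and authentication, both derived from the vault key.
    enc_key = hmac.new(vault_key, b"vault-encrypt", "sha256").digest()
    mac_key = hmac.new(vault_key, b"vault-mac", "sha256").digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a stream cipher: a stand-in for
    # AES-256-GCM, which the standard library does not provide.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def encrypt_vault(master_password: str, entries: dict) -> dict:
    """Encrypt on the client. The returned blob is everything the server ever sees."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _subkeys(derive_vault_key(master_password, salt))
    plaintext = json.dumps(entries).encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    # Encrypt-then-MAC: the tag covers nonce and ciphertext, so any tampering is detected.
    tag = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(),
            "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def decrypt_vault(master_password: str, blob: dict) -> Optional[dict]:
    """Decrypt on the client. Returns None for a wrong password or a tampered blob."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ciphertext"]), bytes.fromhex(blob["tag"])
    enc_key, mac_key = _subkeys(derive_vault_key(master_password, salt))
    expected = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong master password or modified data: refuse rather than emit garbage
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample vault, not real credentials.
    vault = {"example.com": {"user": "alice", "password": "s3cret"}}
    blob = encrypt_vault("correct horse battery staple", vault)
    print("server stores:", blob)                                   # ciphertext, salt, nonce, tag only
    print("client reads:", decrypt_vault("correct horse battery staple", blob))
    print("wrong password:", decrypt_vault("guess", blob))         # None
```

The two things worth noticing are that the server receives the salt, nonce and tag but never the key, and that a wrong master password is rejected by the tag check instead of producing garbage, which is also what stops an attacker from tampering with a synced vault.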

Security can be strengthened with various options. Some providers monitor the dark web and alert you if information about you appears there. Some bundle a VPN; that encrypts your traffic in transit but does nothing for the vault itself. Others send an automatic notification when a site you use suffers a breach. The master password itself should only ever be hashed or used for key derivation, never stored. You can also enable two-factor authentication (2FA) or biometric unlocking for an additional layer of protection on the vault. Choosing local storage of passwords gives you more control.

Cons

Vulnerabilities have been found in vendors' products in recent years. For example, it was recently revealed that Kaspersky Password Manager's pseudo-random number generator (CVE-2020-27020) did not produce strong enough passwords, which left them open to brute force. In most cases the problems were fixed in time and caused no known harm.
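The class of flaw just mentioned is worth seeing concretely. The following is an added example, written for this page and not the code of any vendor: a generator that draws each character from the operating system's cryptographic random source, an entropy calculation, and a deliberately weak generator seeded from a timestamp to show why a low-entropy seed caps the strength of every password it emits, however long. The weak generator and the search window are hypothetical illustrations.

```python
import math
import random
import secrets
import string
from typing import Optional

# 26 + 26 + 10 + 32 = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Each character is an independent, uniform draw from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def effective_entropy_bits(length: int, alphabet_size: int, seed_bits: Optional[int] = None) -> float:
    """A deterministic generator seeded from seed_bits of entropy can only ever
    produce 2**seed_bits distinct passwords, so that is the real upper bound."""
    bits = password_entropy_bits(length, alphabet_size)
    return bits if seed_bits is None else min(bits, seed_bits)


def weak_generate_password(seed: int, length: int = 16, alphabet: str = ALPHABET) -> str:
    """Hypothetical weak generator: a non-cryptographic PRNG seeded with a
    timestamp. Anyone who can guess the seed reproduces the password exactly."""
    rng = random.Random(seed)
    return "".join(rng.choice(alphabet) for _ in range(length))


def recover_weak_password(target: str, approx_time: int, window: int = 3600,
                          length: int = 16) -> Optional[int]:
    """Brute-force the seed over a window of candidate timestamps around the
    time the password is believed to have been generated."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_generate_password(seed, length) == target:
            return seed
    return None


if __name__ == "__main__":
    print(generate_password(20), round(password_entropy_bits(20, len(ALPHABET)), 1), "bits")
    print("time-seeded 20-char password, effective bits:",
          effective_entropy_bits(20, len(ALPHABET), seed_bits=32))
    created_at = 1_700_000_000  # constructed timestamp
    leaked = weak_generate_password(created_at)
    print("recovered seed:", recover_weak_password(leaked, created_at + 500))
```

The point of `effective_entropy_bits` is the one practitioners get wrong: a 20-character password from a 94-symbol alphabet is worth about 131 bits only if every character was genuinely random; from a generator seeded with a 32-bit timestamp it is worth 32 bits, and the search in `recover_weak_password` finds it in seconds.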

The security USB key, useful for accessing servers

Using a U2F security key makes sense whether you want to log in to social networks, to the sites hosting your files, to your own servers, or to your online banking.

It looks like a "traditional" USB stick. It is based on the open standard U2F (Universal Second Factor), backed by the FIDO Alliance ("Fast IDentity Online"). Inside the key, a secure chip holds a secret that never leaves the device and of which you are the sole holder; for every site you register, the key derives a distinct key pair and gives the site only the public half.

Pros of the security USB key

The response the key produces is a signature over a fresh challenge from the site, so it cannot be guessed, and a captured one cannot be replayed. It replaces, or supplements, passwords with strong hardware authentication based on public/private-key cryptography. Because the browser includes the site's origin in the signed data, a phishing page on a look-alike domain obtains a signature that is worthless on the real site; this makes the key particularly effective against phishing, unlike one-time codes (SMS or app-generated), which a phishing page can simply relay. You can use it to secure access to sites such as Facebook, WordPress or Twitter.

Cons

Unfortunately, while some platforms support these keys, others do not, and support depends on sites that can change their policy at any time. Some browsers do not support them either, and the USB connector may require an adapter on some devices. Also, take care not to lose the key: register a spare one on each account and keep it in a safe, since a spare that was never registered is of no use.

Asymmetric cryptography to encrypt messages

Asymmetric cryptography, or public-key cryptography, is an encryption method that uses two keys: a public key and a private key. They are mathematically related but not identical, and the private key cannot feasibly be derived from the public one. When someone wants to send an encrypted message, they retrieve the recipient's public key from a public directory and use it to encrypt the message before sending it. Only the recipient, who holds the matching private key, can decrypt it.

Many protocols use this process, such as TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer), which underpin HTTPS (Hypertext Transfer Protocol Secure). The method is also used to encrypt emails. Software such as browsers uses it to set up a secure connection over an untrusted network like the Internet, or to verify a digital signature.

Pros of asymmetric cryptography

One of the main advantages of this system, beyond encrypting messages, is increased security because users never have to share their private keys. In addition, the sender cannot deny having sent a message: with digital signatures, a recipient can check that a message really comes from a particular sender.

Cons

The process is slower than symmetric cryptography, which is why protocols such as TLS use it only to agree on a symmetric key and then encrypt the bulk of the data symmetrically. The private key must also not be lost: if it is, messages encrypted to the corresponding public key can no longer be decrypted. And a private key can be stolen by an attacker, who can then read messages and forge signatures in the owner's name.

Biometrics, ideal as a second layer of protection

Biometrics relies on the user's unique biological traits. In a fraction of a second, a facial recognition tool can check whether these characteristics match the template it has stored. These methods are commonly used on smartphones and laptops. Windows Hello face uses a camera specially tuned for near-infrared (IR) imaging, which makes it harder to fool with a photograph. Face recognition is used to authenticate and unlock Windows devices and to sign in with Microsoft Passport (since renamed Windows Hello for Business).

Pros of biometrics

Biometrics is attractive because it requires no card, phone or key, and nothing to memorize. It is also relatively secure as long as the biometric data is stored securely, ideally as a template in a secure enclave on the device rather than in a central database. Another advantage is that biometric features are very difficult to replicate with current technologies.

Cons

On the downside, the database holding biometric data can be hacked, and unlike a password, a fingerprint or a face cannot be changed once it has leaked. The machine learning models behind recognition must be developed carefully to avoid bias, discrimination and exclusion. There may also be false positives and other inaccuracies when verifying a person's identity.
