The Importance of Security and Two-Factor Authentication

Taking a passive approach to security in this day and age is a huge risk that could end up being disastrous for any business or person. People and businesses are targeted by hackers every day, and it has come to my attention how much of an impact two-factor authentication can make, along with many other changes you can make to ensure your business operates securely.

Two-factor authentication, also known as 2FA or two-step verification, is an extra layer of security, a form of “multi-factor authentication”, that requires not only a username and password but also something that only that user has on them, e.g. a code that is sent to their phone as soon as they have entered their login details. Entering that code then enables access.

Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and compromise personal data.

Companies and individuals who use services that don’t support 2FA could be at increased risk of being hacked, so enabling it for every service in use is very important, especially if those services store critical data. A good idea is therefore to build out and launch 2FA across the organisation you work for, or to enable it for your personal accounts, e.g. Twitter, Facebook, Gmail.

A good strategy to follow in terms of IT governance could include making sure that all members of staff who deal with working software and solutions (i.e. software developers and testers) undertake basic security training. Designing or outsourcing a training program for this is very important, and it is an aspect of security that many developers fail to focus on. Such training primarily covers the basic elements of security and ultimately aims to vastly reduce the number of vulnerabilities in their code.

Encrypting all access tokens, emails, and any other identifiable data you store can also reduce the risk of a security breach. Encryption protects the confidentiality of digital data stored on computer systems. Encrypted data is referred to as ciphertext; to read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plaintext.

Finally, a good way of locating, tackling and suppressing bugs within a service is to create a bug bounty program. This is a deal offered by many websites and software developers under which individuals can be recognised and compensated for reporting bugs, especially those pertaining to exploits and vulnerabilities.

