Master Password, Firewall and Sign-in Attempts
Verizon’s 2018 data breach investigations report made for sobering reading for many company heads and IT departments. It pinpointed that the vast majority of security breaches stemmed from poor password practice by employees.
There have been many big firms caught out already. In 2016, Dropbox had 68 million user accounts compromised, thanks to a single non-secure employee password. In 2016, an Uber employee left a vital password unencrypted online – this was then used to hack into the company’s system and leak the details of 57 million drivers. The firm was fined $148 million.
Businesses need to take employee password security seriously, and a corporate password manager plan is a smart way to go about this. So, what tools has 1Password added to its business service with Advanced Protection to help prevent your company being the next one to hit the headlines?
Master password policy – Advanced Protection now allows companies to dictate the minimum, medium and strong requirements for passwords, as well as defining a custom policy for character length, numbers and symbols.
Two-factor authentication – Enables companies to enforce two-factor authentication across entire teams, including which second factors are accepted for validation. This can work with a physical security key, such as a YubiKey, or via an authenticator app. You can read more on two-factor authentication below.
Firewall rules – You can set your own company-specific firewall rules. This means that companies can choose which IP addresses to allow through and which to block, as well as blocking users from certain countries. Companies can also choose to stop their employees from using VPNs or Tor.
Sign-in attempts – Allows companies to see attempted sign-ins, including information such as where they come from, the device that was used in the attempt and the IP address. It’s also easy to group and browse failed sign-in attempts by region.
The Importance of Two-Factor Authentication
Two-factor authentication (also known as 2FA) has long been adopted by major tech companies such as Google and Apple. It provides invaluable protection to users when logging into a device or account. With 2FA, a user’s password alone is no longer the magic key to the kingdom when they try to access a site or service. Instead, they also need a second form of identification to prove they are who they claim to be.
For most services, this is typically adopted when a user tries to access content from an unrecognised device. To take Google as an example, when a user attempts to log into their account on a laptop, tablet or phone that isn’t recognised, Google can send a code to their mobile phone, which they must enter on the site before they are allowed to continue.
This is just one example, and there are many ways to approach two-factor authentication, including a dedicated authenticator app and a physical USB key that generates a code. Any of these methods adds an extra step to the login process, making nefarious access harder.
Not convinced? Research from Google earlier in the year found that two-factor authentication is effective in blocking 100% of bot attacks. Not only that, but it was also shown to catch many bulk phishing attempts, as well as targeted attacks. Simply put, two-factor authentication works.