The problem with passwords – and why the answer is two-fold

Hacks and data breaches are becoming the norm, as more and more aspects of our lives move online. Yet in many cases, the damage done could have been mitigated if users were using two-factor authentication to secure their accounts.

Why? While using the name of a family member, pet, or favourite holiday destination may make it easier for us to remember our passwords, it also makes it easier for hackers to guess them and steal credentials, or crack passwords with automated brute force programmes, particularly as more than 80 per cent of people use the same password across multiple accounts.

The latest Verizon Data Breach Investigations Report shows 81% of hacking-related breaches last year leveraged stolen or weak passwords, an almost 20% increase over the previous year. This shows that the password problem is not just persisting but is getting worse. So, what can organisations do?

Two-factor authentication adds an extra layer of security

The password, an age-old authentication method, is not only simple for users, but also for cyber-attackers, as there’s only one level of security to overcome. Two-factor authentication aims to keep the simplicity for users, but prevent malicious actions by adding a second layer of security.

Two-factor authentication sounds complicated, but has been used by cash machines for years; you need both the card and the correct PIN to access funds. The same principle can be used online, where a PIN is sent to a user’s phone, proving they have both the account info and the associated device in their possession, preventing many of the issues associated with passwords and unauthorised uses of accounts.

The ability to deliver a one-time PIN is at the heart of two-factor authentication. One way to deliver a password to users is through a mobile app, but this relies on numerous pieces of the puzzle fitting together successfully: the user must download and activate the app, and the app must be connected to each service, one by one. Not only that, but platform and version incompatibility can cause the apps to fail. The simpler option is text message delivery, as it's straightforward, cheap and accepted by almost every telephone.
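As an added example (not part of the original article), the server side of the one-time PIN described above could look like this in Python. The PIN length, five-minute lifetime, three-guess limit and the `OneTimePinStore` name are assumptions chosen for illustration, and the text-message gateway itself is left out.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6          # assumed PIN length
PIN_TTL_SECONDS = 300   # assumed validity window (five minutes)
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per PIN


class OneTimePinStore:
    """In-memory stand-in for a server-side table of pending PINs (hypothetical)."""

    def __init__(self, clock=time.time):
        self._pending = {}   # user -> [salt, digest, expires_at, attempts_left]
        self._clock = clock  # injectable so expiry can be tested without sleeping

    @staticmethod
    def _digest(salt, pin):
        # Salted hash keeps the plain PIN out of the store.
        return hashlib.sha256(salt + pin.encode()).digest()

    def issue(self, user):
        """Create a fresh PIN for `user`, replacing any earlier one."""
        # secrets uses the OS CSPRNG, so the PIN cannot be predicted.
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[user] = [salt, self._digest(salt, pin),
                               self._clock() + PIN_TTL_SECONDS, MAX_ATTEMPTS]
        return pin  # handed to the text-message gateway, never stored in clear

    def verify(self, user, submitted):
        """Return True once for the right PIN; every wrong guess uses an attempt."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]          # expired PINs are discarded
            return False
        entry[3] = attempts_left - 1
        # Constant-time comparison avoids leaking how close a guess was.
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[user]          # single use: a PIN cannot be replayed
            return True
        if entry[3] == 0:
            del self._pending[user]          # guesses exhausted, a new PIN is needed
        return False
```

A login handler would call `issue()` only after the password check has passed, and treat the sign-in as complete only when `verify()` returns True.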

The benefits for businesses

While two-factor authentication is one of the most effective ways for organisations to reduce cybercrimes such as identity theft, hacking and phishing, it also increases customer loyalty and trust. Companies that take two-factor authentication seriously are demonstrating to their customers that they take security seriously, which is vitally important as more and more of our information, daily lives and financial actions move to online platforms.

The fact is, when it comes to cybersecurity, two-factor authentication is no longer a ‘nice-to-have’, but the challenge is to create a universal system that works in every situation but doesn’t become an inconvenience for customers.

The need for expertise in this field is growing, but currently demand for computer science skills far outstrips the supply of qualified graduates. The University of York’s 100% online Masters in Computer Science with Cyber Security is designed for working professionals and graduates who may not currently have a computer science background and want to launch their career in this field. It equips graduates for a range of positions in security engineering, software development, programming and computer and mobile networks.

There is no need for campus visits as the course is delivered 100% online – this is your computer science Masters degree, on your own terms, in your own time. Choose from six start dates per year, enabling you to study around your current job and home commitments. There’s also a pay-per-module option available, so there don’t have to be any large upfront fees. Some students may be eligible for a government-backed postgraduate loan which covers the cost of the course.
