Tips for a Successful Authentication Program
Jul 23, 2010 Brian Bradley
Developing a reliable and effective authentication program will help an organization reduce instances of identity theft and prevent unauthorized access to personal data. It can also help reduce costs, improve customer service and employee productivity, and increase revenue.
The real cost to companies that do not implement effective authentication is the loss of confidence and trust of customers, stockholders and employees. Identity theft is on the rise and catches the public’s attention, and you don’t want your business to be linked with a mass identity theft event.
The following authentication tips will help to ensure that you are allowing only authorized parties access to secure information. Hope you find them helpful!
Develop a Comprehensive Authentication Policy - Your authentication policy should be properly documented and should dictate all authentication techniques used. Once policies have been set, it is extremely important that they are communicated appropriately so that they will be consistently and successfully implemented and maintained.
Create Strong Password Policies - Require that passwords be approximately 8 characters long, with 6 characters being the minimum, and implement rules that increase the complexity of a user's password, such as requiring a combination of letters, numbers and symbols, to create stronger authentication. But be careful: making the rules too complex could actually result in reduced security, as the user may write the password down somewhere on their workstation.
Utilize Two-Factor Authentication - Two-factor authentication is where a user must present something they have, such as an access card or token, along with something they know, such as a password.
Safeguard Against Social Engineering Attacks - Social engineering is the human side of breaking into a corporate network: fooling someone into providing valuable information or access to that information. To defend against social engineering, it is important to generate overall awareness of the strong possibility of exploitation. Some examples of social engineering to be aware of include pretexting, diversion theft, phishing, phone phishing, and baiting.