Login Security

Summary

Login with a username and password is now insecure, because you can’t trust the security of the website you are accessing. Using a second form of identification (two factor authentication) can greatly reduce the risk of getting hacked. Implement DUO two factor authentication to protect your network and data, and use the DUO app on your smart phone to secure your sensitive logins.


We have had clients with remote access enabled get hacked – they had an account on the network with a weak or compromised password. We recommend using two factor authentication to protect remote access to your network and for sensitive website logins.

Passwords alone are not adequate to secure access from the Internet. Recent compromises of large – supposedly trustworthy – websites show that your password is not safe. Even if you follow best practices, the website you log in to stores your username and password. If they get hacked, your account is hacked. There are about 3.5 billion internet users. If tinternet for your financial data. There are about 1.5 million victims of cybercrime per day.

If you are a business owner, you rely on the security skills of your employees to protect your sensitive data. One study showed that about 70% of employees will give away their password for a chocolate bar. They may not be as careful as you would like with network security.

It is very easy to download software to scan the internet for networks with remote access enabled, and then use password cracking tools to try millions of passwords automatically. Those that have Remote Desktop enabled will see hundreds of failed login attempts daily in their security logs.

Password security is based on something you know – your username and password. Two factor authentication adds something you have. Even if someone has your password, they still can’t log in without the second part. This has gotten easier, and many websites now support it. Most people now have a smartphone, making this the easy choice for a second factor. There are others – such as a hardware token, a USB stick, a key fob, or an ID card.

Using fingerprints or facial recognition is another form of 2nd factor. This has drawbacks in a business environment where an employee may leave.

Windows 10 users have the option to use Windows Hello which greatly increases security for Windows logins. It is complicated to set up on a network, requires special hardware for the 2nd factor, and only protects the PC login, not website and remote access logins.

We recommend using the DUO authenticator with a smart phone. It is easy to implement, easy to use, well supported, and a market leader. It is also relatively inexpensive compared to other solutions.

We have looked at alternatives such as Authy and Google authenticator. DUO has management and other features that make it the most attractive solution for business users.

DUO requires software to be installed on the network (on the domain controller) that intercepts the Windows (RDP or VPN) login and sends a message requesting a second factor before granting access. The message can be sent using the DUO app, by text message, by a phone call, or with a hardware token such as the YubiKey.

The DUO client app is free, and works on both Android and Apple devices. It is very simple to use. A numeric passcode generated by the app can be used to log in even if the Internet is down and you have no cell service.

When you log in, you get a pop-up asking you to verify your ID:

[Screenshot: choose authentication method]

The DUO app will pop up on your phone, and you confirm that you are logging in:

[Screenshot: approve login request]

A web based management portal allows you to set up and manage users. You can see who has logged in, when and from what device. You can restrict login authentication to specific devices or geographic areas. You can allow local (in the office) logins to bypass the 2nd factor. It is very flexible.

We are now an authorized agent to enroll new customers and set them up for DUO. When we set you up, we are able to manage the account along with you or on your behalf. We can also configure the needed software on your network.  Pricing is based on features, and is per enrolled user per month.

Not everyone needs to enroll – only those logging in to the network remotely or logging in to sensitive websites. Logins with sensitive data that can be accessed from the internet are at the greatest risk.

We still recommend using LastPass for password management, provided it is secured with a second form of authentication. DUO is a perfect fit for this.

We have been discouraging use of RDP (Windows Remote Desktop) for remote access, due to security concerns, and recommended LogMeIn or GoToMyPC instead. With DUO, RDP can be properly secured. We also recommend using the 2 factor authentication offered by LogMeIn – any account that can be accessed from the Internet needs greater security.

DUO offers a free trial, and we have qualified as a dealer/installer for their software. Let us know if you would like to give it a try, or want to talk about it.

More information: Compare

A 2 minute video explaining 2 Factor Authentication
A 2 minute video describing DUO for network admins
2 Factor authentication tutorial and more from Wikipedia

List of recent large data and password thefts.
Password Cracking and the need for 2 factor authentication
Websites supporting 2 factor authentication
FIDO Alliance – a 2 factor standard
Why not to use SMS as 2nd factor

Choosing a secure password
Test your Password – How secure is my password?
Check if your Password has been stolen
Password crackers: LostPassword.com WindowsScope.com More

LastPass DUO support
Setting up YubiKey for DUO
DUO for RDP
Using DUO for Google authentication

Authy vs DUO
Other 2 factor authentication apps
Comparison of 2 factor authentication apps

Tim Torian has his degree in Computer Science, and has been consulting on computer networking for the past 30+ years. He is a Microsoft Small Business Specialist, and a Cisco CCNA and CCNI. He has taught computer networking at the College of Sequoias and Cal Poly Extension. He was awarded “Entrepreneur of the year” by the Tulare County EDC in 2008. Torian Group was awarded “Technology Business of the Year” by the SBDC in 2011. Tim is president of Torian Group, Inc. which provides a full range of Technology Consulting services to local business, including computer services, networking, web design and Internet marketing.