Cloud security experts: Use multi-factor authentication, you dummies

If you’re not using multi-factor authentication as a company or as a consumer, you really need to start. No, seriously, go turn it on now if you can.

During today’s cloud security panel at CloudBeat 2012, three security experts who didn’t always agree on the best approaches to security did agree that everyone needs to start using multi-factor authentication.

Mentioning the now-famous incident of Wired writer Mat Honan being hacked, the panelists — HP senior security strategist Rafal Los, Qualys CTO Wolfgang Kandek, and CloudPassage chief security evangelist Andrew Hay — basically said every connected device you own and every electronic account you have has the potential of being hacked.

One of the easiest ways to start protecting yourself is multi-factor authentication. For example, if you have a Google account, you can install Google Authenticator on your devices.

“Standard passwords are not secure,” CloudPassage’s Hay said. “Multi-factor authentication is the only solution that will be accepted by the mainstream.”

Qualys’ Kandek went a step further, saying every service and site needs it: “Every site should use multi-factor authentication,” he said.

The panel also hit several other big topics:

– Should we be emphasizing security first for the enterprise or for consumers? HP’s Los and Qualys’ Kandek agreed that it needs to start with the enterprise, mostly because you can actually force security policies on employees whether they want them or not. Consumers won’t necessarily embrace security no matter how much you prod.

CloudPassage’s Hay disagreed. He argued that security doesn’t have to start explicitly with either consumers or the enterprise. He said:

“It doesn’t have to start with enterprises or consumers. Personal users should be educated to use these tools. With enterprises, you’re assuming that the organization is going to know better than you when that may not be the case.”

– Is a standardized password policy across all big enterprises a good idea? Yes, but it’s not going to happen.

“I would love to have one standardized password policy to use across all companies, but my grandkids will be driving hover cars on Mars before that happens.”

– How can we make security policies better at companies? Get feedback from real employees, not just IT guys.

“Have your employees vet what you’re saying,” Hay said. “If you involve two or three people on the process, they’ll have a connection to the policy and add input that you might not have thought of.”

Photo credit: Sean Ludwig/VentureBeat