Keeping data secure online is cumbersome. Nothing beats the simplicity of reusing the same short password, skipping IP filtering, sharing passwords in clear text, and not having 2FA. Business owners and engaged employees will jump through some hoops, knowing what’s at stake. But not everyone will care, which creates vulnerabilities.
IT departments need to be careful in designing their systems as humans will work around annoying security procedures to save time. Strong master password requirements lead to passwords written on post-its. A password that needs to change every month gets a different tiny variation each time [study]. The list goes on.
As consumer services have become more user-friendly to increase usage, security needs to follow the same route. An almost perfect system that users follow is better than a perfect one that gets bypassed. At Hunter, we found that a few tools are great at maintaining a very high level of security without any hassle:
- Security keys are better than code-based 2FA in terms of UX and security [study]
- 1Password is such a well-designed password manager that avoiding password reuse and enabling secure sharing becomes easy
- Cloudflare Access fixes the performance impact of old VPNs and improves authentication
We do a lot more to ensure the security of our application. But looking at this setup, I can’t help but notice that even though we have a very high security standard, it requires minimal effort on the side of our team, which is the only way to ensure the system gets followed.