Anti-fraud group Profit is urging travel firms to reduce their reliance on computer passwords in its latest Counter Fraud Campaign 2019 email.
It suggests businesses should use passwords only where necessary, such as for access to the company Wi-Fi, and use multi-factor authentication (MFA) for important accounts. This requires a password that is used alongside a text message, fingerprint scan or random number generator to access the account.
To reduce pressure on staff to remember multiple passwords, firms are advised to use single sign-in systems, which give employees access to everything they need to do their job after they have logged on.
Password systems can also be configured to allow a progressively increasing time-delay between log-in attempts, known as ‘throttling’, if users forget their password. According to Profit, this policy is preferred to ‘account lock-out’, which locks users out after several attempts and requires an access recovery method to be put in place.
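The throttling policy described above, sketched as an added example (not code from Profit or from the original article). The class name `LoginThrottle`, the number of free attempts and the delay values are assumptions chosen for illustration.

```python
import time

class LoginThrottle:
    """Progressively longer waits after failed log-ins, instead of a hard lock-out."""

    def __init__(self, base_delay=1.0, max_delay=300.0, free_attempts=3,
                 clock=time.monotonic):
        self.base_delay = base_delay        # seconds; first enforced wait (assumed value)
        self.max_delay = max_delay          # seconds; cap so a user is never shut out for good
        self.free_attempts = free_attempts  # failures below this count carry no wait
        self.clock = clock                  # injectable so the policy can be tested
        self._state = {}                    # account -> (consecutive failures, time of last failure)

    def delay_for(self, failures):
        """Wait in seconds imposed after `failures` consecutive failed attempts."""
        if failures < self.free_attempts:
            return 0.0
        # Doubles with each further failure; exponent bounded to avoid float overflow.
        exponent = min(failures - self.free_attempts, 32)
        return min(self.base_delay * 2 ** exponent, self.max_delay)

    def retry_after(self, account):
        """Seconds the account must still wait before its next attempt is considered."""
        failures, last_failure = self._state.get(account, (0, 0.0))
        return max(0.0, last_failure + self.delay_for(failures) - self.clock())

    def attempt(self, account, check_password):
        """Run one log-in attempt. `check_password` is a zero-argument callable.

        Returns (accepted, wait_seconds). While the account is throttled the
        password is not checked at all, so guesses made during the wait
        reveal nothing and do not lengthen the delay further.
        """
        wait = self.retry_after(account)
        if wait > 0:
            return False, wait
        if check_password():
            self._state.pop(account, None)  # success clears the failure history
            return True, 0.0
        failures, _ = self._state.get(account, (0, 0.0))
        self._state[account] = (failures + 1, self.clock())
        return False, self.retry_after(account)
```

Unlike a lock-out, the wait expires on its own, so no separate access recovery step is needed; the failure history here is held in memory only and would need shared storage in a multi-server deployment.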
Profit is also advising businesses to use security monitoring to detect abnormal activity; use password blacklisting to stop users choosing the most common passwords; protect passwords using HTTPS; protect the access management system to prevent attackers using it to get into the system; store passwords in hashed format (an unreadable string of characters); prioritise security around important or vulnerable accounts; change all pre-set passwords on new apps and devices; and have facilities to store passwords.