Beefing Up Security in Database Logins


We are increasingly reliant on data and databases to run our lives and our businesses. The recent security breaches at Optus and Medibank, and the increasing number of ransom attacks, have understandably raised concerns for a lot of people about the security of their data. 


At Optus, the data breach was through an unprotected API that was open to the public. The API did not require a username and password, which meant that anyone who knew the address of the API could connect to it without authenticating.


At Medibank, it was the theft of a single user’s credentials which were then sold on the dark web and used to download millions of very personal records. 


Adsafe, one of our long-standing clients, contacted us recently to see how they could increase their security as part of a security audit they were undertaking. 


We have a number of security measures in place, which we will go into in more detail in a subsequent post, but Adsafe's main concern was the threat of a password attack. This occurs when hackers infer, or use social engineering to obtain, a valid login name and then use either a dictionary attack or brute force to crack the password.


We ensure all passwords are encrypted on the database to prevent them being seen via a SQL Injection attack or similar. We also ensure users choose strong passwords with a password strength indicator. 


To ensure a strong password, you should:

 - Use alphanumeric passwords with special characters
 - Use at least 10 characters
 - Not use it across multiple websites and applications
 - Change it regularly
 - Not use easily guessable information like birthdays and names


For sensitive information this is not always enough. To take it to the next level many software providers, including us, offer Two Factor Authentication (2FA). 


How 2FA works 


 1. When the user logs in for the first time they are given a unique QR code
 2. The user opens Google Authenticator on their mobile phone or device (if they do not have it they need to install it from their App or Play Store)
 3. They scan the QR code from Google Authenticator
 4. Google Authenticator generates a 6 digit code that changes every minute
 5. As an additional level of security, every time the user logs in they need to enter that 6 digit code after entering their username and password


Two Factor Authentication is increasingly being used on client databases and has recently been turned on for Adsafe. If you would like to know more about how we can help you store your data securely please get in touch.