Although we all recognize that keeping our data safe is important and encryption is something we've probably heard about, how many of us really understand what that means? I know I'm learning more every day. For example, we have TLS and SSL for encrypting data in transit (the "https" you see when a browser labels a website "secure"), yet we still use poor password practices and breaches of our data occur every day. Don't tell my boss, but I definitely have a history of bad password habits: several passwords written down and even a few repeats *gasp*, because remembering them is hard. In 2018 alone, there were over 800 data breaches made public and I'm certainly paying attention now to what I can do better. Here's what I learned: there are two critical ways to keep your data truly safe.
1. Just say no to passwords and authenticate differently
Passwords and similar shared-secret authentication practices are a main reason the majority of data breaches happen today. We can't emphasize this enough. The simplest way to stop risking a data breach is to stop using passwords. How? Strong authentication. Organizations like the FIDO (Fast Identity Online) Alliance have standardized alternative authentication methods that let us prove we are who we say we are in a simple and easy way. There are, of course, other ways to strongly authenticate to systems, but FIDO is already garnering support from Microsoft, Google, IBM, and more. In fact, if you're using an up-to-date Chrome browser, you already have the ability to use FIDO and authenticate without your password. If you'd like to learn more about the specifics of FIDO authentication, check out this blog post on FIDO 101.
2. Keep your data safe at the most critical location
StrongKey refers to this as application-level encryption. Think of encrypting your data at the application level like coding your personal journal (read: diary) that's locked in your room. Pardon my very juvenile example, but stick with me here. Your diary/journal is safe in your locked room until your mom decides to get tricky and break in to read it. The diary/journal itself then becomes "breached" BUT if the content inside is coded and unintelligible, your mom can't understand or use anything you've written. Coding (or encrypting) your deepest, darkest thoughts manually is cumbersome, annoying, and time consuming. However, you rest assured that it cannot be read by anyone but you. Application-level encryption provides this kind of assurance surrounding your data—and it doesn't have to be a difficult endeavor in today's digital world.
There are a lot of considerations that affect how secure your data encryption is. One, for example, is outsourcing your encryption key management to a third party (that's like giving your little brother the decoder key for your journal/diary), but I'll leave the nitty gritty details to the experts. If you'd like to learn more about the two most important tenets of data security: application-level encryption and strong authentication, feel free to download this in-depth explainer sheet below.
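To make the journal analogy concrete, here is an added example (not StrongKey's code and not part of the original post) of application-level encryption in Go using only the standard library's AES-256-GCM: the application encrypts each field before it ever reaches the datastore, binds the record id to the ciphertext so a value copied between rows is rejected, and the key is assumed to come from a KMS or HSM under the application's control rather than living next to the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newAEAD builds an AES-256-GCM cipher from a 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField is application-level encryption of one record field. The
// record id is bound as associated data, so a ciphertext copied from one
// row into another fails to decrypt. Stored layout: nonce || ciphertext+tag.
// The key is assumed to be fetched from a KMS/HSM, never stored with the data.
func EncryptField(key []byte, recordID string, plaintext []byte) ([]byte, error) {
	gcm, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// DecryptField reverses EncryptField. A wrong key, tampered bytes, or a
// value moved to another record id all yield an error instead of plaintext,
// which is what a breached copy of the datastore gives an attacker.
func DecryptField(key []byte, recordID string, stored []byte) ([]byte, error) {
	gcm, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(stored) < gcm.NonceSize() {
		return nil, errors.New("stored value too short")
	}
	nonce, ct := stored[:gcm.NonceSize()], stored[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(recordID))
}
```

Whatever ends up in the database is the output of EncryptField, so a dump of the store is unintelligible without the key the application holds.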