It’s time to get serious about security, to break through the bullshit, and to implement Two Factor Authentication right now!
There are, simply put, three generally accepted factors for authenticating identity: knowledge (something you know), possession (something you have) and inherence (something you are). The first is familiar to everyone in the form of the password, passphrase, PIN, or even the pattern drawn with a finger on some smartphone lock screens; it is also, sadly, the weakest form of authentication. The knowledge factor relies on something you know, and that is at once its biggest positive and its biggest negative: anything that lives only in your head can also be guessed, phished, reused across sites or leaked in a breach, and an attacker who learns it is indistinguishable from you.
On the plus side, a user can create (if the login process allows, and all enterprise-strength ones should) a truly ‘strong’ password. I have placed strong within inverted commas for a reason; one person’s strength is another’s weakness. So, while the user may well think that substituting an “@” for an “a” and throwing a couple of exclamation marks at the end of their partner’s name is strong, a hacker could crack it in less time than it took me to write this sentence. Password-cracking tools do not brute-force every character; they take a dictionary of names and common words and apply exactly those predictable mangling rules, so the transformed password is only a few candidates away from the original word.