Authentication

80 percent of all large-scale data breaches are down to weak or stolen credentials. With employees using more and more online accounts, both personally and professionally, modern login authentication techniques allow organizations to ensure users are who they say they are, without hindering their experience.

We’ve been using passwords as a form of login authentication to protect our accounts and devices since the earliest days of computing.

While they were once an effective approach to security, these days they just aren’t sophisticated enough to do the job they were intended to do. In fact, 80 percent of all large-scale data breaches are down to weak or stolen credentials. It’s easy to see why.

Research from The Norwegian Centre for Information Security suggested that the average minimum number of passwords per consumer is 17, while the average minimum number of work passwords per person is 8.5.

That’s a huge number of unique character strings to remember, which is why most people don’t bother and instead reuse the same passwords across multiple accounts. Despite the rise of password managers, and repeated warnings about using the same credentials on different websites, old habits die hard.

Hackers are now using automated processes, such as brute force attacks and credential stuffing, to take advantage of this practice. In large breaches, whole databases of users are often stolen, including their usernames (often an email address) and passwords. These databases then get sold off to the highest bidders, who use software that automatically tries millions of combinations of the stolen details across many different websites. It isn’t just Instagram and Facebook accounts being hacked, but also corporate apps and devices.

Tech companies have realized there is an issue with passwords and many have introduced two-factor authentication, verifying users with a passcode sent to their phone. For the vast majority of consumers this is probably a satisfactory level of added security, but for corporate networks it gets more complicated. When you think about the number of online accounts the average employee uses in a day, constantly entering passwords and login authentication codes is going to get tiresome pretty quickly. On top of that, two-factor authentication usually relies on sending passcodes to a user’s mobile phone via SMS. Not only does that assume someone will always have a mobile on them, but SMS is also not as secure as many of us like to believe.

For user authentication to be worthwhile it needs to be highly secure, but also frictionless for the employee. Context-based authentication does just this. Rather than challenging users whenever they log in, context-based authentication learns what ‘normal’ behavior is for an individual and uses this baseline to determine whether someone is who they say they are. If a user is logging in from a company device at their normal office location, for example, is there a need to ask them to enter a one-time passcode (OTP)? Not with context-based authentication.

Users aren’t always predictable though – think business trips abroad, a new device, working at different hours – and, at times, it will be necessary to add an additional factor in the form of a passcode. For OTPs to work, their delivery has to be almost guaranteed and they need to be highly secure. This means having options outside of SMS: an authenticator app, email or a voice call as additional channels for OTP delivery and login authentication. Each passcode must be session specific so there’s no risk of a malicious actor reusing old codes, and the organization should be able to block access if needed.
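The decision logic the two paragraphs above describe, as an added example that is not Censornet’s own code: a login is compared against a per-user baseline of known devices, locations and working hours, and only deviations trigger an OTP, which is bound to one session, single-use, time-limited, deliverable over several channels, and refused for a blocked user. The baseline fields, thresholds and channel names are assumptions for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

@dataclass
class Baseline:  # what 'normal' looks like for one user (assumed learned from past logins)
    devices: set
    locations: set
    work_hours: tuple  # (start_hour, end_hour), 24-hour clock
@dataclass
class LoginContext:
    device_id: str
    location: str
    hour: int
def deviations(base: Baseline, ctx: LoginContext) -> list:
    """List how this login departs from the baseline; empty means no OTP prompt."""
    reasons = []
    if ctx.device_id not in base.devices:
        reasons.append("unknown device")
    if ctx.location not in base.locations:
        reasons.append("unusual location")
    start, end = base.work_hours
    if not start <= ctx.hour < end:
        reasons.append("outside usual hours")
    return reasons

CHANNELS = ("app", "email", "voice", "sms")  # delivery options beyond SMS alone
OTP_TTL_SECONDS = 300

class OtpService:
    """Session-specific, single-use passcodes, with the ability to block a user."""
    def __init__(self):
        self._pending = {}   # session_id -> (code, expiry, channel)
        self._blocked = set()
    def block(self, user: str) -> None:
        self._blocked.add(user)
    def issue(self, user: str, session_id: str, channel: str) -> str:
        if user in self._blocked:
            raise PermissionError("access blocked for user")
        if channel not in CHANNELS:
            raise ValueError(f"unsupported channel: {channel}")
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[session_id] = (code, time.time() + OTP_TTL_SECONDS, channel)
        return code  # returned only for the demo; in production it is sent via `channel`
    def verify(self, session_id: str, code: str) -> bool:
        entry = self._pending.pop(session_id, None)  # pop makes the code single-use
        if entry is None: return False
        expected, expiry, _ = entry
        return time.time() < expiry and hmac.compare_digest(expected, code)
```

A code presented against a different session id is rejected without consuming the pending one, and a second presentation of the right code fails because the first verification removed it.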

Login authentication shouldn’t be a chore. User experience is as important as, if not more important than, the technology. Context-based authentication and MFA together guarantee an easy and highly secure means of trusting users.
