get started today
Password policies, MFA, and biometrics have finally secured all our accounts, right? No! Compromising passwords through phishing, social engineering, and other nefarious methods are still one of the leading causes of security breaches. So how do we fix it? Passwordless Logins.
What you’ll take away from this session::
Check out the blog below or listen on your favorite podcast player. If you have questions or future topic ideas, please send to email@example.com.
Knowledge as a Service: MFA and Passwordless Logins
How safe are your passwords? As technology continues to evolve, the methods we use to protect our online identities must do so as well.
Passwords are notoriously weak and can be easily hacked, guessed, or stolen. And how many times have you forgotten a password, leading to frustration and loss or productivity? Passwords have been the primary authentication method for decades, but they are increasingly being replaced by more secure methods such as passwordless logins and multi-factor authentication (MFA).
MFA is a security system that requires multiple forms of identification to gain access to an account or system. It adds an extra layer of security beyond passwords, making it harder for attackers to gain unauthorized access to sensitive information.
However, MFA is still susceptible to social engineering and phishing attacks where victims are convinced to disclose their one-time passcode. Despite this, MFA is an important part of the overall passwordless login strategy, which combines multiple authentication techniques with new technology like passwordless logins.
The three ways of authenticating a person’s identity remain unchanged – something that you know, something that you are, or something that you have.
Passwordless login strategies incorporate these elements and unify them with a set of protocols. FIDO is a collaborative effort from all the major identity providers, which put together an authentication framework and developed industry protocols. FIDO or FIDO2 make the process of authentication more secure and user-friendly.
These combined methods are used to protect security keys, which are created on the user’s behalf when they create an account. Despite never seeing the security key, every account the user creates will have its own unique security key. If an account is compromised, it won’t impact the others.
One of the biggest problems today is the use of the same password across multiple sites. Password managers ease the burden of remembering complex passwords, but these often have an echo effect by becoming the new attack surface to compromise the account. FIDO establishes a set of protocols to facilitate the exchange and storage of the security keys, so application developers can incorporate new authentication methods.
FIDO is also currently working on “platform authenticators” where a trusted provider can store all of a user’s security keys and send them on their behalf after multi-factor authentication. This alleviates the issue authenticating from multiple devices without needing to synchronize security keys across all of them.
Accessing email can provide a common example of paswordless entry. Most have received a push notification on their phone when logging into Outlook from a new device. Before opening the authenticator, you use a thumbprint scanner on your phone. Leveraging either Bluetooth or Near Field Communication (NFC), the phone and laptop will verify proximity and can “see” each other. The unique security key that’s stored on your phone is then sent to the email system to authenticate the session and – voila – you’re in. By leveraging the combined technologies we’ve discussed, access is gained without ever having to type in a password.
This does not mean the end of Active Directory, the password platform and authentication method for almost all businesses and desktops today. Active Directory is where passwords are stored and what they’re validated against. We currently use three forms of Active Directory:
Starting the Passwordless Journey
Consider the options available to your organization, the type of work you do, and employee lifestyles. Evaluate the level of security needed. This will indicate how many factors you should be using. Then, consider what hardware and software meet your needs and improve current biometrics.
A strong partner like Mobius Partners will assess your needs and business requirements to determine the best path for a successful rollout.
Upgrade your organization’s data management capabilities and secure future success with Mobius Partners – the partner you can rely on for robust infrastructure, expert guidance, and ongoing support. Contact us today at firstname.lastname@example.org.
Shannon Gillenwater, Director of Technology
Shannon applies a wide breadth of experiences and deep technology skills to craft technology solutions that help businesses be agile, operate efficiently and satisfy customers. An articulate collaborator and effective change agent, Gillenwater has led diverse teams in designing and deploying enterprise-scale data centers and global networks. Always searching the horizon for what’s next, Gillenwater is a cloud-first adopter and now helps customers evaluate and develop software-defined solutions. Click here to connect.
Kyle Husted, Senior Solutions Architect
An experienced Virtualization expert, Kyle has achieved the highly sought-after VMware Certified Design Expert (VCDX) certification. He was the 48th person to receive the certification of which there are less than 300 certified globally. Kyle will leverage his 25 years of customer and partner experience in IT to assess business needs, IT design, and implement solutions offerings to provide positive business outcomes. Click here to connect.