Simeio
4 Multi-Factor Authentication Concerns for the Travel and Hospitality Industry

Hacking is a contest of opportunities. Security is a contest of probabilities. The stakes for both are high. Bad actors keep an eye out for flaws in a system or a human weakness to burrow into. Each data request has the potential to be a mask, a deception wherein an identity has been compromised. Even tech giants like Microsoft have experienced data breaches resulting from conventional authentication methods. In this battle of odds, IAM security relies upon perimeters built around each individual identity. Multi-factor authentication (MFA) swings those odds heavily into the favor of the defenders.

For travel agencies and hospitality services, verifying the identities of customers is critical. Without sufficient checks, tight travel plans and expensive accommodations can be snatched away. If an issue arises, your customers become acutely aware of any delays or shortcomings in your response. A customer who might have looked to your services for years to come instead spreads word of their bad experience. Conversely, a customer who enjoys a frictionless and secure digital experience is more likely to develop brand loyalty and even advocacy.

The travel and hospitality industry is not the only sector which has observed considerable benefits from adopting MFA. Industries ranging from healthcare to finance have leveraged multi-factor authentication to great effect. Banking security, confidential patient information, and even self-service password recovery are protected by multiple layers of authentication. As the feature becomes a staple of secure identity and access management, transport and guest enterprises cannot afford to lag. However, recognizing the need and addressing it are worlds apart.

Are you contemplating where to start on your own multi-factor authentication rollout? Do you know what assets need to be provisioned or evaluated? Education is your first step towards a successful multi-factor authentication rollout. Memorize these 5 critical multi-factor authentication directives and execute them. Doing so saves you time, prevents costly reworks, and avoids frustrating your end-users.

1. Your Multi-factor Authentication Server

A dedicated central repository, providing a single source of truth, forms the foundation of your MFA. Without a reliable and well-ordered server, the different facets of identity quickly become muddled. The last thing you want is for devices to be associated with the wrong credit card. Or, worse still, for personal info to be unsecured. As such, implementing a solid multi-factor authentication server (preferably backed by a solid identity governance and access platform) is key.

The MFA server is the “brain” that drives all policy decisions and functionality.  Think of it as the airline you choose to ride on your journey to the multi-factor authentication finish line. You don’t want to choose an airline that will tear apart mid-flight. Instead, you want one that provides a comfortable experience and gets you where you’re going. The solution must be flexible enough to process meaningful identity data, such as location, time of use, and password veracity. 

This “brain” should have broad out-of-the-box integrations to various common endpoints. This maximizes use of its capabilities in all facets of your identity and access management landscape. The multi-factor authentication server should be accessible to your on-premises and cloud applications, services, and servers. For example, a cloud-only check-in app may need to interface with an on-site TSA program. A central MFA server alleviates any potential difficulties of fitting these pieces together. However, your choice must be informed by an expert IAM opinion.

2. Your Multi-factor Authentication Clients

Multi-factor authentication clients are the various devices end users interact with, relying on the MFA server for proper authentication vetting. A capable server supports myriad client devices and identification techniques. These devices include desktops, laptops, tablets, mobile phones, grid cards, smart cards, RFID cards, key fobs, hard tokens, soft tokens, and biometric readers. The ID techniques range from simple password checks to cutting edge biometrics.

Mobile phones are becoming a very popular option for multi-factor authentication. Smartphones are not only ubiquitous but also support many of the identification techniques that normally require deployment of additional hardware. This is especially true for one-time password (OTP) and biometric options. Before you make your selection, be sure to confirm support for all the client devices that are most common among your users; this minimizes your challenges with leveraging your MFA server during the rollout. After all, it would be a shame for clients to try to check in at your front desk only to find that your system does not support Android. Do not neglect your customer identity and access management solution.

Also, make sure to select the right identification techniques based on your user populations and factor in the deployment time and cost. Authentication methods such as password-complexity requirements are simple to implement but can cause friction. More complicated yet effective methods, such as biometrics and single sign-on (SSO), are more difficult to implement on your own. Your best option, but most challenging to institute, is an adaptive multi-factor authentication platform. Adaptive MFA scales authentication requirements in response to carefully tuned criteria. However, that kind of platform is both difficult to design and implement. In such cases, a managed identity service provider may be needed for an effective implementation.

3. VPN and SSO Integration

Remote access is typically the first use case out of the gate for MFA integration. Most companies already have a VPN (virtual private network) gateway in place. Your choice of VPN is the “stake in the ground” that constrains your MFA server decision. Ideally you would pick your MFA server first to maximize your capabilities. You should also consider implementing a cloud infrastructure entitlement management (CIEM) platform. Given the remote nature of your server, setting up a security perimeter around it is the only responsible course.

You may be fortunate enough to be at an inflection point. This is where your current technology is due for an upgrade or replacement. As such, it makes sense to re-prioritize your VPN selection based on your MFA selection. Going with a capable MFA server yields the benefit of a wide range of out-of-the-box integrations with popular VPN platforms. VPN service providers such as Nord, Express, and Palo Alto are easy to set up. However, secure integration with your full identity fabric requires some tinkering to maximize your results. Additionally, you should couple your MFA to a proper SSO. So long as special care is taken to ensure that your SSO does not compromise the security of your MFA, it can work wonders for user experience.

Consider a hypothetical (yet common) situation wherein an airline traveler needs to quickly retrieve their ticket information. Having to sign in first on the airport’s website, then onto their airline’s profile, and yet again for individual passengers creates friction. It is frustrating and potentially slow enough to make them miss their flight. Single sign-on (SSO) remediates this issue. The combination of adaptive MFA and SSO is the baseline of modern cybersecurity. Each contributes to security while also easing friction for users and synergizes well with PIM. However, this marriage requires a crucial link: a privileged access management (PAM) solution. Without a suitable PAM overseeing your identity fabric, your platform lacks the comprehensive analytics necessary for reactive identity authentication.

4. Application Access Management Integration

Identities are not the only facet of your enterprise which play a part in your multi-factor authentication solution. Application access management integration is a crucial integration point for MFA. Having an access management solution in place is a best practice for managing access to applications, especially web applications. Application-focused access management does not only serve to link disparate applications into a single platform. It also aids in the onboarding of new applications, ensuring that security standards are maintained and that processes do not conflict with each other.

Integrating your MFA solution with an access management solution provides an efficient mechanism for providing MFA capabilities at the individual application level. Since access management solutions form the authentication and authorization backbone for internal and external applications, this essentially extends your MFA capability to internal and external users in an efficient manner. Access management is of such profound importance that there is something to be said for prioritizing it even over a multi-factor authentication rollout.

Because access management forms the ground-level of IAM, it makes sense to establish it first and then add on MFA afterwards. Of course, this assumes that your enterprise does not already have an active access management system. However, if that is the case, it carries its own set of challenges. Your existing system must first be checked for security gaps and then for potential vulnerabilities that could arise from MFA integration. An IAM audit should be performed to assess the full scope and needs of your identity platform.

Acing Your Multi-Factor Authentication Rollout

Taking these 5 considerations into account when you are looking at your MFA solution will lead to a much less bumpy road for your end users. IT admins can rest easier, knowing that the identities under their stewardship are that much more secure. Meanwhile, customers enjoy fewer pain points and less friction in their experience with their travel and hospitality service providers.

The result will be a consistent MFA end user experience for your users across the enterprise and a sound technical approach to solving the most common MFA use cases.

Unleashing Access Management and Federation

Access management and federation make resources and services more accessible in the increasingly interconnected digital world of modern business. As the number of user identities and permissions grows, organizations must navigate a landscape where users have multiple digital identities. Additionally, authentication methods are more sophisticated than ever before.

One solution that has emerged to address these challenges is federated identity management. In this comprehensive guide, we will delve into the evolution of access management, the transformative role of federation, and its far-reaching benefits for businesses and users alike.

The Evolution of Access Management and Federation

AM has come a long way from its humble beginnings. Once, access management relied primarily on usernames and passwords for user authentication. However, over time the number of user identities and permissions grew. The need for more efficient and secure access management methods became apparent.

Single Sign-On (SSO) revolutionized access management by allowing users to authenticate once. This allowed them to access multiple services without needing to enter their credentials repeatedly. As a result, SSO solutions such as Microsoft Azure minimize the security risks associated with password management while simplifying the user experience.

The rise of federation in access management is rooted in the need to address the growing complexities of managing access across multiple platforms, devices, and organizations. With federated identity management, Identity Providers (IdPs) and Service Providers (SPs) synergize. Thus they create a seamless, secure, and user-friendly authentication experience across various web applications.

By leveraging protocols like the Security Assertion Markup Language (SAML) and OpenID Connect, access management and federation enable users to access different services using a single set of credentials, such as their organization’s Active Directory account. This simplifies the login process and reduces the number of passwords users must remember.
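The trust relationship behind federation is easiest to see at the Service Provider's end: the SP never sees the user's password, it only accepts a signed assertion from the Identity Provider and checks that the assertion was really meant for it. The following is an added illustration of those checks for an OpenID Connect ID token, not code from this article or from Simeio. It assumes a hypothetical IdP at `https://idp.example.com`, a hypothetical SP client id `travel-portal-sp`, and a shared HS256 secret so that it runs on the standard library alone; real IdPs normally sign with RS256 and publish their public keys via JWKS, but the claim checks (signature, issuer, audience, expiry, nonce) are the same.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example: a symmetric secret shared by the IdP and the SP.
# Production OIDC providers normally sign with RS256 and publish keys via JWKS;
# HS256 is used here only to keep the example standard-library-only.
SHARED_SECRET = b"example-idp-sp-shared-secret"
EXPECTED_ISSUER = "https://idp.example.com"  # hypothetical IdP issuer URL
EXPECTED_AUDIENCE = "travel-portal-sp"       # hypothetical SP client_id


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """IdP side: produce a compact JWT (header.payload.signature) signed with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def validate_id_token(token: str, expected_nonce: str, now: int,
                      secret: bytes = SHARED_SECRET) -> dict:
    """SP side: accept the IdP's assertion only if every trust check passes.

    Raises ValueError naming the failed check; returns the verified claims otherwise.
    `now` is passed in explicitly so the checks are reproducible.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it ('none' / key-confusion issues).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(signature_b64)):
        raise ValueError("signature check failed")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer not trusted")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("token not issued for this service provider")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def check_id_token(token: str, expected_nonce: str, now: int,
                   secret: bytes = SHARED_SECRET) -> str:
    """Wrapper returning 'ok' or the rejection reason, handy for audit logging."""
    try:
        validate_id_token(token, expected_nonce, now, secret)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    now = 1_700_000_000
    token = issue_id_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                            "sub": "alice", "exp": now + 300, "nonce": "n-123"})
    print(check_id_token(token, "n-123", now))
```

Each rejection reason is distinct on purpose: when an SP logs "nonce mismatch" or "token not issued for this service provider", the IAM team can tell a misconfigured integration apart from a replayed assertion.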

Access Management and Federation in Action

Various industries have harnessed the power of access management and federation to tackle their unique access management challenges. For instance, SaaS applications frequently leverage federation to provide users with seamless authentication experiences. Furthermore, these applications can efficiently manage user access, permissions, and workflows by integrating with existing enterprise identity management systems.

The healthcare industry presents another compelling use case for federation. Secure access to patient data is paramount in healthcare settings. Federation can ensure that medical professionals can quickly access the necessary information while adhering to stringent security and compliance standards. By implementing federated identity management systems, healthcare organizations can strike a balance between security and ease of access.

Futureproofing through Access Management and Federation

As the digital landscape evolves, adopting federated solutions becomes increasingly critical for organizations looking to stay ahead of the curve. With emerging trends like decentralized identity and zero trust architecture gaining momentum, businesses must embrace federation to maintain a competitive edge.

The decentralization of identities is of particular interest to access management and federation practitioners. As the concept of self-sovereign identity gains traction, users will have more control over their digital identities. Federation will be crucial in connecting decentralized identities with service providers, ensuring secure and seamless access to various services.

Similarly, the zero trust model emphasizes verifying and authorizing every access request, regardless of origin. As security threats from compromised credentials continue to rise, zero trust offers a highly effective alternative. Federation helps organizations implement zero trust by facilitating secure access management across different systems, applications, and services.

Partnering with Simeio: Navigating your Digital Transformation

As the importance of federated identity management grows, businesses need a trusted partner to help them navigate the transformation. Simeio offers comprehensive IAM services and expertise in access management and federation. Simeio’s identity experts empower organizations to harness the full potential of federated identity management.

Simeio’s team of experts can guide you through every step of implementation. From implementing SSO solutions, integrating SAML or OpenID Connect protocols, to designing and deploying custom federated identity management systems. By partnering with Simeio, you can ensure that your organization is well-equipped to face the challenges of modern access management and collaboration.

Federated identity management transforms how businesses manage access to resources and services, offering users a streamlined and secure authentication experience while simplifying IAM workflows for organizations. By understanding and embracing federation, organizations can stay ahead in the rapidly evolving digital landscape and protect their valuable resources from cybersecurity threats. Contact our expert team to learn how federation can benefit your organization and explore Simeio’s comprehensive IAM services.

SSO and Adaptive MFA: The Modern Security Baseline

SSO and Adaptive MFA

For the cybersecurity officer looking for solutions to their managed identity woes, SSO and adaptive MFA are a fresh spring in the desert. However, the ideal access management program must capitalize on both features in their proper context. Implemented properly, SSO (Single Sign-On) provides your users with a simple and convenient means of accessing their identities. Likewise, adaptive MFA (Multi-Factor Authentication) can elevate risk posture to exceptionally high levels across even large attack surfaces.

However, like any up-and-coming system (or any system in general) you must properly understand and apply each with the proper guiding principles lest their implementation end in disaster. By understanding the potential benefits and risks of SSO and adaptive MFA, your enterprise becomes positioned to take full advantage of their capabilities.

Consolidation of Security

If you’re a CISO of any experience, you know the constant struggle of balancing usability with security. The struggle only gets more challenging as operations scale up. Attack surface grows with a company, an issue exacerbated if the identity management system doesn’t intelligently scale with it. Multiple accounts, scattered authentication methods, and inadequate integration usually result in gaping holes in an enterprise’s identity fabric.

SSO and adaptive MFA offer a solution to these issues. SSO minimizes sign-ins, and MFA provides easily proven (yet hard to spoof) safeguards and recovery options. In addition to the friction alleviated by SSO, the reduction of memorized credentials also greatly reduces password fatigue. Likewise, MFA streamlines the account recovery process. The otherwise tense and tedious verification becomes a matter of minutes instead of hours or even days. When paired with an identity security service, SSO and MFA transform your identity fabric into a world class platform.

Pankaj Kumar, Senior Manager at Simeio, describes the advantage of SSO and MFA as a consolidation of authentication. “When an enterprise wants an authentication method,” he says, “it can be centralized, delivering an authentication service that integrates all applications into it.” It also establishes a trust with an AM solution. A user trusted by the solution also gets trusted by the applications.

Adaptive MFA as the New Normal

Implementation of adaptive MFA comes in two stages: authentication and proofing. Initial authentication is only one factor at the start, usually the user ID and password created when creating a new account. Some companies will leave the creation process there, but more savvy enterprises move on to proofing as quickly as possible, sometimes not allowing account access until proofing is complete. By instituting these systems, enterprises harden their defenses and make answering the 6 vital security questions much easier.

Proofing a user means building up the characteristics of their unique identity which can be referenced later to prove oneself. The “adaptive” aspect comes into play in terms of criticality of risk: i.e. different levels of verification based on circumstance. For example, if an account holder goes to a bank to withdraw some cash, they might only give their account number to access their checking. But if they tried to take out several thousand dollars or called the bank remotely, then the banker may ask for their Social Security number or even biometrics.

Adaptive MFA determines the criticality of the risk based on the criticality of the request. Whenever the system determines that something is risky or out of the ordinary, the authentication stages are increased. This ensures that whoever is trying to get access is who they say they are. This scalable process adds dynamism to improve the user experience and productivity. The solution itself determines the risk factor and increases or decreases the challenge accordingly.
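The bank-teller analogy above maps directly onto a risk-scoring policy: each request is scored on the signals the earlier section listed (device, location, time of use) plus the sensitivity of the action, and the score decides how many factors the user must present. The following is an added example of such a policy engine, not code from this article or from any Simeio product. The signal weights, the thresholds, and the sample user profile (user `alice`, her known devices and home country, the 5000 "large amount" line) are all assumptions constructed for the illustration; a real deployment tunes them from its own data and reads the profile from its identity store.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample profile data; a real deployment reads this from its identity store.
KNOWN_DEVICES: Dict[str, Set[str]] = {"alice": {"dev-laptop-1", "dev-phone-7"}}
HOME_COUNTRY: Dict[str, str] = {"alice": "US"}
SENSITIVE_ACTIONS = {"withdraw", "transfer", "change_contact_details"}
LARGE_AMOUNT = 5000.0  # assumed threshold, in the account's currency


@dataclass
class AccessRequest:
    user: str
    device_id: str
    country: str
    hour_local: int      # 0-23 in the user's local time zone
    action: str          # e.g. "view_balance", "withdraw"
    amount: float = 0.0  # only meaningful for transactional actions


def risk_score(req: AccessRequest) -> Tuple[int, List[str]]:
    """Additive risk score plus the human-readable reasons behind it (for audit logs)."""
    score, reasons = 0, []
    if req.device_id not in KNOWN_DEVICES.get(req.user, set()):
        score += 30
        reasons.append("unrecognised device")
    if req.country != HOME_COUNTRY.get(req.user):
        score += 30
        reasons.append(f"request from {req.country}, outside home country")
    if req.hour_local < 6 or req.hour_local >= 23:
        score += 10
        reasons.append("unusual hour")
    if req.action in SENSITIVE_ACTIONS:
        score += 20
        reasons.append(f"sensitive action: {req.action}")
        if req.amount >= LARGE_AMOUNT:
            score += 30
            reasons.append(f"large amount: {req.amount:.2f}")
    return score, reasons


def required_factors(score: int) -> List[str]:
    """Step-up ladder: the riskier the request, the more factors are demanded."""
    if score < 25:
        return ["password"]                       # the teller just asks for the account number
    if score < 50:
        return ["password", "otp"]                # add a one-time code
    return ["password", "otp", "biometric"]       # full proofing for high-risk requests


def evaluate(req: AccessRequest) -> dict:
    score, reasons = risk_score(req)
    return {"user": req.user, "score": score,
            "factors": required_factors(score), "reasons": reasons}


if __name__ == "__main__":
    routine = AccessRequest("alice", "dev-laptop-1", "US", 14, "view_balance")
    risky = AccessRequest("alice", "dev-unknown-9", "RO", 2, "withdraw", 8000.0)
    print(evaluate(routine))
    print(evaluate(risky))
```

Returning the reasons alongside the score matters as much as the score itself: it is what lets a SOC analyst see why a particular customer was challenged for a third factor, and it gives the IAM team evidence for tuning the weights instead of guessing.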

Intelligent Implementation of SSO and Adaptive MFA

With SSO and adaptive MFA establishing themselves as hallmarks of modern systems, their intelligent implementation becomes paramount. Many people misinterpret SSO as a brand-new technology when it is simply a reconfiguration of existing policy rights. On the other hand, far too often companies try to write their own code. Instead they should use standardized protocols, common development frameworks, or even off-the-shelf SSO products.

Adaptive MFA requires more infrastructure than SSO, usually in the form of a specific technology. Services like Ping offer scalable adaptive MFA programs while others like Simeio bundle it with offerings like the Simeio Identity Orchestrator. Such services make the implementation process much easier, with expert advisement and quick implementation. Simeio clients simply fill out an application and they’re automatically onboarded for SSO, adaptive MFA, or both.

By taking maximum advantage of the possibilities offered by SSO and adaptive MFA, including adjacent developments like passwordless authentication, CISOs can face modern cybersecurity risks head-on. By pairing automated verification policies with active threat detection and remediation, you give bad actors fewer gaps to work with.

If you’re ready to explore your options for strengthening your risk posture while enhancing your user experience, talk to a Simeio identity expert now.

10 Ways to Enable Safer Passwords – #8 is Get Rid of Them!

Many users dislike passwords, finding them aggravating and tedious. In the face of developments like Zero Trust and Adaptive MFA, the days of passwords may be numbered. However, at present the standard of cybersecurity starts with passwords. Yet the issue of passwords as a vulnerability still remains. If you use logical policies, governance, technology and products, you can ensure the usage of safer passwords driven by security-minded principles.

Given the fact that passwords are a necessary evil, the following 10 tactics enable safer passwords and strengthen the risk posture of your Identity Management.

10 Tips for Safer Passwords

1. You must be aware if your password has been compromised, or “pwned.” You can find out if your passwords have been the victim of a breach at https://haveibeenpwned.com/Passwords. Also, don’t respond to anything that looks questionable or that might be a phishing attempt! Any email asking you to click on a link and enter account information is always suspicious.

2. Use a passphrase, not a password. “To be or not to be” is better than “Hamlet.” You can also use several random words of different lengths, like XrayYellowZebraHelicopter.

3. 2Bor!2b? is also good, and it aligns with an obsolete but still widely enforced standard for strong passwords: 8 characters, with 1 upper case, 1 lower case, and one non-alphanumeric character.

4. Stop changing your password every 90 days. A strong password that you easily remember should last a long time. Scheduled password changes are an invitation to iterative passwords, which are problematic. However, if the password is compromised, it should be changed immediately.

5. It is OK to write your passwords down. But not on a yellow post-it stuck to your monitor or under the keyboard. And never do so in a public place, including your office. Put them somewhere safe like a notebook or journal stored away from your computer.

6. Passwords should be unique to every site you visit. Reusing the same password for your financial information on a social media site isn’t safe.

7. A password manager helps keep track of multiple unique passwords. Password manager software stores and manages online credentials within an encrypted database. Additionally, the manager locks the sensitive data behind a master password.

8. Stop using passwords and use biometrics instead! Passwords are a weak link in a cybersecurity defense. Biometrics, on the other hand, provide unique credentials. Because your body serves as the key (fingerprint, facial, etc) these credentials cannot be duplicated.

9. Multi-factor authentication, or MFA, is a password paired up with another verification code that can be sent to you via email, SMS, phone or even an app on your smartphone. It can even work without the password with just the verification code or one time password.

10. Let your browser pick one! Most of the major browsers will suggest a password that’s almost impossible for you to remember. As long as you access that site with the same browser on your computer or have it linked across all of your devices, it works great. Just remember that like a password manager, the password securing your computer has to be strong.
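Tip 1 above points at the Pwned Passwords service. What makes that check safe to run is that the full password never leaves your machine: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, and receives every known suffix for that prefix (the k-anonymity model). The example below is added here to show that exchange end to end; it is not code from this article or from Simeio. The range response embedded in it is constructed (the counts are made up, and a real response holds hundreds of lines), and the only real identifier it uses is the public `https://api.pwnedpasswords.com/range/` endpoint, which the optional online fetcher calls.

```python
import hashlib
import urllib.request
from typing import Callable

# Constructed sample of a Pwned Passwords range response for the SHA-1 prefix of
# "password" (5BAA6). Each line is "35-char-hash-suffix:breach-count". The counts
# below are made up for this example; a real response is several hundred lines long.
SAMPLE_RANGE_5BAA6 = """\
1D72CD07550416C216D8AD296BF5C0AE8E0:10
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E2AAA439972480CEC7F16C795BBB429372:1
"""


def sha1_prefix_suffix(password: str):
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix that is
    sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(range_text: str, suffix: str) -> int:
    """Scan a range response for our suffix; 0 means not present in any known breach."""
    for line in range_text.splitlines():
        if ":" not in line:
            continue
        candidate, count = line.strip().split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for the network call, serving the constructed sample above."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def fetch_range_online(prefix: str) -> str:
    """Query the real service; only the 5-char prefix ever leaves the machine."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    request = urllib.request.Request(url, headers={"User-Agent": "example-password-check"})
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = fetch_range_offline) -> int:
    """How many times the password appears in known breaches (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(fetch_range(prefix), suffix)


if __name__ == "__main__":
    for candidate in ("password", "XrayYellowZebraHelicopter"):
        print(candidate, "->", breach_count(candidate))
```

Passing `fetch_range_online` instead of the default runs the same logic against the live service. A registration or password-change form that rejects any candidate with a non-zero count enforces tip 1 for users automatically, without ever storing or transmitting the password in the clear.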

Achieve Password Security through Intelligent Identity Management

Passwords will provide bad actors with an ongoing source for their malicious activity for the foreseeable future. As you can see, there are many ways to manage passwords and methods to ensure protections. Hopefully the suggestions above will help increase awareness of the need to protect credentials and provide some helpful guidelines to help keep your information safe.

Go Passwordless this World Password Day—ironic but a reality!

Passwordless

World Password Day – the first Thursday of every May – exists to remind people of the importance of protecting themselves when online by using strong passwords. Cybercriminals grow increasingly bold and sophisticated in their methods. As a result, concerned users are adopting modern cybersecurity paradigms. Passwordless solutions provide better data security than conventional passwords. Ironic, but true.

Most data breaches are the result of credential theft. Simple passwords make companies more vulnerable in brute force attacks, which involve cybercriminals trying millions of possible passwords in just seconds. Credential stuffing is a type of cyberattack that involves cybercriminals purchasing stolen account user names and passwords off the dark web and using them to try to gain unauthorized access via automated login requests. These are especially successful when people reuse old passwords.

Password Security Strategies

Like a car thief who checks doors for one that is unlocked, a cybercriminal wants the easiest route possible into a company’s data. Tight online security within the company is a major deterrent. For companies that insist on relying on passwords for online protection, there are strategies to make them more secure.

These include using:

  • Unique passwords for each site or app. For example, do not use the same password to log into your project management app as you use for a social media site or a banking site.
  • Phrases rather than a more standard one- or two-word password (think “To be or not to be” rather than “Hamlet”).
  • Shortened and memorized versions of a favorite phrase, like 2Bor!2b?
  • Passwords randomly generated and suggested by your browser. If you access the site on the same browser on your computer or have it linked with other devices, you will not need to enter the password every time. However, you must ensure it is a strong password.
  • Three or more unrelated words together, like SapphirePuzzleMongoose
  • A notebook to store passwords. Just make sure to keep it in a separate place from your desktop or laptop. No passwords scribbled on a scrap of paper and slid under your keyboard or stuck in your top drawer.
  • An online password manager to store and manage online credentials.

Even if you take these measures, the danger is not alleviated. The reality is passwords are no longer sufficient to combat attacks from bad actors. As such, there are several significant reasons to embrace alternatives to passwords. Here are three reasons to consider moving to a passwordless strategy.

#1 Reason for Passwordless – People hate them

Like filing their taxes, creating and managing passwords rank high on the list of activities people love to hate. Requiring that employees keep and maintain passwords can lead to frustrated employees. This is especially true if they must change them every 60 to 90 days. Passwords also probably are not popular with vendors, customers, and partners that need to access your site. And they create headaches for the business too. After all, there are costs and complicated processes to consider. These are associated with developing, deploying, and managing a repository to keep user passwords secure. For instance, the average help desk cost to reset a user’s password is $70.

#2 Reason for Passwordless – Passwords are a Weak Link

In fact, 80% of data breaches resulted from hijacked and misused passwords. The typical user has dozens of online accounts and 51% of their passwords are reused among the accounts. Lost business can also be a negative consequence of passwords, with one-third of online purchases given up when consumers cannot remember their passwords.

Arguably, user names and passwords are the weakest links in your cybersecurity program. Password fatigue can lead employees to make unwise choices, such as creating weak passwords they can more easily memorize or re-using a password for multiple sites, which can increase the company’s risk.

#3 Reason for Passwordless – Modern Challenges Require Modern Solutions

Passwords have been around for decades but so much has changed in that time. With the surge in mobile phone use, the subsequent proliferation in the number of apps, and increase in data stored in the cloud, cybercriminals have new endpoints to attack and more incentive to launch attacks. Plus, there are many more cybercriminals now – even working in groups – to worry about.

When companies sent their workforces home to work remotely in 2020, we saw how even the most technically savvy companies can be challenged by new circumstances. The number of potential security attack surfaces increased, making remote workers targets of attacks. Situations can change fast so companies must remain agile in all aspects of their business, including cybersecurity, and be prepared for the unexpected.

How to Shift to Passwordless

Companies have a few major passwordless options for identity authentication if they evolve from passwords. Make sure any security method you use is scalable. Biometrics authentication verifies identity by unique physical identifiers – like a fingerprint or facial scan – to assess if the proper person is requesting access. These physical characteristics are the ultimate in unique credentials and cannot be duplicated.

Some software vendors have aided the shift via the introduction of operating system authentication. Accessing the business software takes two-factor authentication instead of a password and involves a new kind of credential associated with a PC or mobile device.

Another option is passwordless authentication. You may be familiar with multi-factor authentication, or MFA, which requires traditional passwords. With this method, a person enters a user name and a password to request access. Thereafter, an email, SMS, phone, or a smartphone app sends a verification code. They then enter the code to gain access. While more secure than using only passwords, this takes extra steps and creates additional friction for customers, partners, and employees.

Passwordless authentication simplifies and speeds the process. Users no longer need to remember passwords and can use any device, service, or application, including VPN, VDI, cloud, mobile, and web. The right standards-based approach for logins can be secure and interoperable across any website, application, device, and supply chain. And the best way to manage this approach – including modern authentication methods like security keys, facial and voice recognition, fingerprints, smart cards, key certificates, and apps for access tokens – is with centralized authentication.

Free yourself from passwords

Simeio supports more than 100 organizations in streamlining, simplifying, and saving costs in their digital transformation engagements. We are passionate about helping companies secure their data and increase the confidence of the people who entrust them with it. Our modern access management solution with passwordless administration can help boost security, decrease cost, increase agility, and reduce user friction. Modernizing your IAM program can help your company realize these benefits. Learn how our team with its expertise has made it happen!

Modernizing Access Management with Password-less Administration

Modernize your security strategy with password-less authentication

Authentication is a secure mechanism for accessing systems and applications. Authenticating with passwords is extremely prevalent and has become part of our everyday life, from accessing email to online bank accounts and everything in between. But passwords can be an inhibitor rather than an enabler for business and commerce. Compromised passwords impact retailers, healthcare providers, government agencies, telecom and mobile operators, and financial and payment services. Password-less administration is the remedy to this issue.

Modern access management solutions provide numerous benefits. They deliver cost efficiencies, enable flexible system and application integrations, empower businesses to adapt to new and changing technologies, environments, and deployment models, and reduce user friction. But, if your identity and access management solution is outdated, making your organization vulnerable to breaches and unprepared for the ever-growing regulatory requirements, how do you fully leverage these benefits?

Today’s security protections encompass many areas, like identity access and governance, consumer privacy, regulatory compliance, patching, upgrading, and application and system integrations. The cost and management required to successfully support, protect, and control access to systems, applications, and data for this array of requirements can be expensive and complex.

Passwords are Becoming the Bane of our Existence

Data breaches associated with passwords have been increasing for decades and are only getting worse. In fact, 80% of data breaches come from hijacked and misused passwords. The typical user has dozens of online accounts, and over 51% of their passwords are reused among those accounts. While online businesses rely upon passwords to authenticate users, one-third of online purchases are given up when consumers can’t remember their passwords. Helping users reset passwords and provision devices adds cost and lowers profits, with the average help desk cost of $70 just to reset a user’s password.

Time for a New Authentication Method

If 2020 has taught us anything, it is that external shocks like the pandemic caught many organizations ill-prepared for a primarily remote workforce. The potential attack surface has expanded sharply with the move to an offsite work environment. The most successful attacks, and a growing share of them, come from stolen and abused passwords. Credential stuffing is one of the most common attack vectors: attackers obtain lists of account names and passwords from the dark web and then systematically try them against login services.
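Credential stuffing leaves a recognizable trace in authentication logs: one source tries many different usernames in a short window and most of those attempts fail, whereas a legitimate user who has forgotten a password fails repeatedly on a single account. The following detection heuristic, run over a handful of constructed log lines, is an added example and not Simeio's code; the log format, thresholds, and function names are assumptions made for the illustration.

```javascript
// Added example (not Simeio's code): flag credential-stuffing patterns in
// constructed login logs. Heuristic: one source IP attempting many DISTINCT
// usernames with a high failure rate inside a short window. A single user
// failing repeatedly on ONE account does not trip it.

// Constructed sample log lines: timestamp, source IP, username, result.
const SAMPLE_LOG = `
2024-03-01T10:00:01Z 203.0.113.7 alice FAIL
2024-03-01T10:00:02Z 203.0.113.7 bob FAIL
2024-03-01T10:00:03Z 203.0.113.7 carol FAIL
2024-03-01T10:00:04Z 203.0.113.7 dave OK
2024-03-01T10:00:05Z 203.0.113.7 erin FAIL
2024-03-01T10:00:06Z 203.0.113.7 frank FAIL
2024-03-01T10:00:30Z 198.51.100.9 alice FAIL
2024-03-01T10:00:45Z 198.51.100.9 alice FAIL
2024-03-01T10:01:10Z 198.51.100.9 alice OK
2024-03-01T10:30:00Z 203.0.113.7 grace FAIL
`.trim();

// Parse the assumed format into events with a numeric timestamp (ms since epoch).
function parseLog(text) {
  return text
    .split('\n')
    .filter((line) => line.trim())
    .map((line) => {
      const [ts, ip, user, result] = line.trim().split(/\s+/);
      return { ts: Date.parse(ts), ip, user, ok: result === 'OK' };
    });
}

// Sliding window per source IP. Thresholds are assumptions; tune them to your traffic.
function detectCredentialStuffing(events, { windowMs = 60_000, minUsers = 5, minFailRate = 0.7 } = {}) {
  const byIp = new Map();
  for (const e of events) {
    if (!byIp.has(e.ip)) byIp.set(e.ip, []);
    byIp.get(e.ip).push(e);
  }

  const findings = [];
  for (const [ip, list] of byIp) {
    list.sort((a, b) => a.ts - b.ts);
    let end = 0;
    for (let start = 0; start < list.length; start++) {
      // Advance `end` so that list[start..end) all fall within the window.
      while (end < list.length && list[end].ts - list[start].ts <= windowMs) end++;
      const window = list.slice(start, end);
      const users = new Set(window.map((e) => e.user));
      const failures = window.filter((e) => !e.ok).length;
      if (users.size >= minUsers && failures / window.length >= minFailRate) {
        findings.push({
          ip,
          windowStart: new Date(list[start].ts).toISOString(),
          attempts: window.length,
          distinctUsers: users.size,
          failures,
        });
        break; // one finding per IP is enough to trigger a response
      }
    }
  }
  return findings;
}

console.log(detectCredentialStuffing(parseLog(SAMPLE_LOG)));
```

On the sample above, 203.0.113.7 is flagged (six distinct usernames, five failures in six seconds) while 198.51.100.9, which only retries alice, is not. The same shape of rule works on a per-username basis in reverse (one account hit from many IPs), which is how distributed stuffing campaigns tend to look.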

A common countermeasure is to add another layer of security with multi-factor authentication, or MFA. After a password is provided and validated, another authentication step takes place, such as entering an SMS code or responding to a push notification. However, the password is still an integral part of this process. The downsides to this approach are the additional steps that need to be maintained, managed, and paid for, and the friction it can add for customers, partners, and employees.

The writing is on the wall. We need a new, standards-based approach for logins, one that is secure and interoperable across any website, application, device, and supply chain, and frictionless for all users. Successfully issuing and managing today's modern authentication methods, including security keys, facial and voice recognition, fingerprints, smart cards, key certificates, and apps for access tokens, requires centralized authentication with effective systems, policies, and processes.

The good news is access management vendors, independent software vendors, and device manufacturers are all rallying around a new set of password-less standards.

Password-less authentication simplifies the login process, eliminates stolen passwords, and resists phishing and other cyberattacks. Users no longer need to remember their passwords; they can use any device, and any service and application, like VPN, VDI, cloud, mobile, and web.

Enter FIDO for Password-less Authentication

The FIDO Alliance addresses the lack of interoperability between strong authentication technologies and the burden on users of creating and remembering multiple usernames and passwords. Its main goal is to improve security postures by standardizing the authentication mechanism and providing alternatives to password-based authentication.

The FIDO Alliance provides certification programs and specifications to ensure an interoperable ecosystem of vendor products and services, so that enterprises can rely on FIDO authentication. Its programs delineate the security capabilities of FIDO Certified Authenticators and provide testing and validation of the efficacy of biometric components.

FIDO2 provides a standard authentication protocol that allows websites to update their login pages to add FIDO-based authentication on supported browsers and platforms. It relies on cryptographic credentials that are unique to every website and never leave the user's device. This eliminates the risks of phishing, all forms of password theft, and replay attacks.

FIDO2 standards are looking to pave the way for new password-less requirements, and enable customer and workforce authentication flows. FIDO2 promises to reduce login friction for customers, employees, partners, and supply chains.

Need Help Implementing Password-less?

IAM is dynamic, with many moving parts. It’s a complex process of integrating and managing credentials, accounts, entitlements, roles, permissions, policies, processes, and resources to enable effective access control.

Simeio is a single-source provider of integrated IAM solutions and applications that support consumers, employees, and privileged users. We have created a cost-effective and secure foundation for digital transformation within a cohesive, unified, and user-friendly platform.

Simeio helps organizations address the complexity of their identity requirements and empowers them to plan identity-solution implementations effectively, drawing on industry standards and broad experience in the IAM space.

We help organizations with identity process and technology, enabling them to take advantage of emerging technologies like FIDO2 and of standards and guidelines from organizations such as NIST, using best practices. We partner with many IAM and security vendors to bridge the gap in integrating diverse IAM, security, and enterprise applications. Our services support on-premises legacy systems and multi-cloud services.

To learn more about how Simeio can help modernize your access management, click here.

Contributed by Roland Davis