Beyond the Password

Multifactor authentication has become an essential tool for maintaining data security.

Despite greater focus on improving security awareness in the workplace, poor password practices continue to undermine data protection. More than 80 percent of all confirmed data breaches involve weak, default or stolen passwords, according to Verizon’s 2018 Data Breach Investigations Report.

What’s worse, understanding the danger doesn’t change user behavior. In an annual study by SplashData, “123456” and “password” have ranked as the most commonly used passwords for eight consecutive years. In a 2018 SailPoint survey, 75 percent of employees say they reuse a single password among multiple applications and accounts.

“Traditional password practices are broken,” said Don Gulling, CEO, Verteks. “One recent study found that the average business user must keep track of almost 200 unique passwords. That’s crazy. Who could possibly remember that many? It’s no wonder people create simple passwords and reuse them frequently. There is no doubt we need a more sophisticated approach to authentication and password security.”

MFA Adoption Grows

Multifactor authentication (MFA) is a good place to start. MFA solutions strengthen identity protection by using a combination of verification factors, such as something the user knows (a password or PIN code), something the user has (a security token or mobile app) and something the user is (a biometric identifier). Financial institutions have required two-factor authentication for years, but there is growing support for systems requiring all three factors.

As a result, the global MFA market is expected to grow by 18 percent annually, according to new projections by Absolute Reports. Until just a few years ago, however, adoption was limited due to perceived issues with cost, complexity and convenience.

The use of tokens was considered particularly cumbersome. Traditionally, these have been small hardware devices such as key fobs or smart cards containing encrypted information to prove the user’s identity. In some cases, a user might have to carry multiple tokens for different accounts. A single hardware token might cost $100 or more, which adds up in large organizations.

This also could lead to significant management overhead for IT departments, which must physically distribute tokens each time a new user is added or when a token is forgotten or lost. Plus, overall security is dependent on how well the vendor protects the cryptographic keys — and there are several notable instances in which vendor hacks have compromised hardware tokens.

New Solutions

However, these issues can largely be resolved by replacing traditional tokens with mobile authentication techniques. With the addition of lightweight and inexpensive apps, users can get a one-time password or security PIN sent to the phone via a text message. The key advantage is that users always have their smartphones handy and don’t have to keep track of additional devices. Security is also improved because passwords or PINs are encrypted and randomly generated, rather than stored on the device or in a vendor’s database.
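The server side of the randomly generated one-time code described above, as an added example that is not code from the article or from any vendor it names: the code is generated with a cryptographic RNG, only a salted hash is stored, and a code is accepted once, within a time window, and only for a limited number of guesses. Delivery to the phone (SMS or app push) is assumed to happen elsewhere.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300   # a code is valid for five minutes
MAX_ATTEMPTS = 5        # lock the code after repeated wrong guesses


class OtpStore:
    """Server-side record of issued one-time codes, keyed by user name.

    Only a salted SHA-256 digest of each code is kept, so a leaked store
    does not reveal usable codes. Each code is single-use and time-limited.
    """

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable for testing expiry
        self._records = {}           # user -> (salt, digest, issued_at, attempts)

    def issue(self, user):
        """Generate a fresh random code for `user` and return it for delivery."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._records[user] = (salt, self._digest(salt, code), self._clock(), 0)
        return code

    def verify(self, user, candidate):
        """Return True exactly once for a correct, unexpired code; else False."""
        rec = self._records.get(user)
        if rec is None:
            return False
        salt, digest, issued_at, attempts = rec
        if self._clock() - issued_at > OTP_TTL_SECONDS or attempts >= MAX_ATTEMPTS:
            del self._records[user]  # expired or locked: the user must request a new code
            return False
        if hmac.compare_digest(digest, self._digest(salt, candidate)):
            del self._records[user]  # single use: consume the code on success
            return True
        self._records[user] = (salt, digest, issued_at, attempts + 1)
        return False

    @staticmethod
    def _digest(salt, code):
        # Constant-length digest so compare_digest runs in constant time.
        return hashlib.sha256(salt + code.encode()).digest()
```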

By combining something you know (passcodes) and something you have (the phone itself), mobile authentication creates an easy path to two-factor authentication. However, smartphones increasingly enable the jump to true multifactor authentication with the addition of biometrics. Fingerprint sensors have become commonplace in smartphones since Apple introduced Touch ID in 2014, and newer devices have added support for voice and facial recognition.

More and more mobile applications are adding biometrics support as well. Leveraging the front-facing camera and microphone built into most handsets, applications can create voice and facial recognition capabilities even on older devices that don’t offer built-in biometrics support.

Going Mainstream

Microsoft pushed MFA and biometrics even further toward mainstream usage with the launch of Windows 10. A key feature of the operating system is Windows Hello, a biometric security platform designed to enable multifactor authentication. Hello allows users to securely access Windows 10 devices without a password, using either facial recognition, iris scanning or fingerprints.

Intel has further boosted multifactor authentication with the integration of hardware-enhanced MFA in its Core vPro processor family. Intel Authenticate technology captures, encrypts, matches and stores PINs, biometrics, keys, tokens and associated certificates in the hardware, out of sight and reach from typical attack methods.

The AuthPoint MFA platform from WatchGuard Technologies is a cloud-based solution designed for small to midsize businesses. Users simply download the AuthPoint app, which creates a personalized signature called Mobile Device DNA. This makes it possible to distinguish legitimate login attempts from cloned attempts on unauthorized devices. Users authenticate through the AuthPoint app, which can also store third-party authenticators.

“With more than half of all data breaches linked to misused or stolen user credentials, it is clear that passwords provide only minimal defense,” Gulling said. “Multifactor authentication can significantly elevate the overall security posture and dramatically improve an organization’s ability to protect its data, customers and reputation.”