HYPR argues for decentralized biometric credentials in enterprise white paper
HYPR has published a white paper co-authored with Alan Goode of Goode Intelligence to help enterprises distinguish password-less systems that improve security from those merely intended for convenience. The “True Password-less Security” report details how most companies that have adopted biometrics have not eliminated user passwords, and have been left vulnerable to credential stuffing and reuse attacks, according to the announcement.
Password breaches and credential stuffing attacks are at an all-time high, HYPR says, and reliance on centralized passwords makes companies vulnerable to a range of attack types, including phishing, social engineering credential theft, account takeover, payment fraud, prepaid product cash-out scams, loyalty fraud, and large-scale data breaches.
“Credential stuffing attacks are on the rise. Akamai’s report found over 8 billion malicious login attempts in mid 2018. That’s a massive problem worth focusing on and with so many enterprises moving away from passwords, it’s important for us to ensure the industry takes the right approach in adopting true password-less security,” said George Avetisov, CEO of HYPR Corp.
Password elimination has received significant attention from analysts and vendors, and recent surveys have indicated public attitudes may have reached a tipping point, but the report suggests that some early efforts to reduce password use have fallen short.
“This is a really important study as many organizations that think they are going password-less are in fact still using their legacy centralized password solutions. The user experience may have a feeling of being password-less but in fact they are just leveraging what is on the phone to unlock the credential (usually a password) that gets verified exactly the same way as the existing password system. It’s like putting on a new door for an old house,” said Alan Goode, CEO & Chief Analyst of Goode Intelligence.
To remedy the situation, the report defines criteria for a password-less architecture, identifies security risks associated with centralized credential storage, and argues for decentralized authentication as a convenient way to deliver true password-less security at scale.
The report is available for free download from HYPR’s website.
HYPR expanded its operations to the UK and EU earlier this year.