Idaptive adds remote passwordless authentication, adaptive MFA amid businesses’ access security struggles
Idaptive has introduced adaptive multi-factor authentication (MFA) for endpoint login and passwordless authentication to deliver secure and frictionless access controls for distributed IT staff to work effectively, the company announced.
The need for advanced technologies is evident, as organizations are struggling with new security challenges, risky passwords and ineffective authentication methods, as found the “2020 State of Password and Authentication Security Behaviors Report,” conducted by the Ponemon Institute for Yubico. When asked what type of technologies they would consider adding as protection layers, biometrics, security keys and password-free login ranked first. More than half of respondents would instantly give up passwords and both IT security (65 percent) and individual users (53 percent) trust biometrics would boost security, while more than half trusts a hardware token would provide enhanced security.
The update from Idaptive provides seamless onboarding and secures remote endpoint devices that access company information but are not connected to corporate networks. By deploying the new Idaptive Mac or Windows Agent on the device, users can connect with their credentials and enroll without having to use a VPN or corporate network. The previous enrollment process was time consuming, the company says, because devices provided for remote teams had to be set up before shipping and then connected to corporate networks through a VPN service.
Adaptive multi-factor authentication improves the login authentication process for remote and local users of Windows and Mac endpoints, and assigns risk scores to each login request.
Idaptive’s NGA platform supports FIDO2 authentication to make it easier and more secure to access user and admin portals on all browsers for a secure and frictionless experience.
“These new enhancements do just that: they simplify and automate the on-boarding process, while reducing end-user friction through passwordless authentication, end-user self-service capabilities, and more,” said Idaptive Chief Product Officer Archit Lohokare. “Ultimately, we’re committed to ensuring that IAM is a business enabler, not another complex system for IT, HR, and security teams to navigate on the path to Zero Trust security.”
Report finds biometrics, security keys and password-free login in top user preference
Although they are familiar with strong authentication and password management best practices, IT security professionals and individual users still have not implemented secure authentication practices, but would consider doing so with biometrics, according to the “2020 State of Password and Authentication Security Behaviors Report.”
While companies might introduce a number of security tools, practices and preferences to boost security, their initiatives might not always be accepted by employees and end-users which creates a security loophole in the organization, the report finds.
“IT professional or not, people do not want to be burdened with security — it has to be usable, simple, and work instantly,” said Stina Ehrensvärd, CEO and Co-Founder, Yubico. “For years, achieving a balance between high security and ease of use was near impossible, but new authentication technologies are finally bridging the gap. With the availability of passwordless login and security keys, it’s time for businesses to step up their security options. Organizations can do far better than passwords; in fact, users are demanding it.”
Surprisingly, the report found that individual users have better cyber hygiene than IT executives. As many as 50 percent of executives have reused passwords for workplace accounts, compared to just 39 percent of individual users. When they fell victim to an account takeover, 76 percent of individuals out of 35 percent improved their password management strategy and boosted account security, yet only 65 percent out of 20 percent of IT professionals that were affected reconsidered their security practices.
Phishing attacks are still at the top of preferred attack methods, as 51 percent of professionals confirmed their organization has been successfully hit by a phishing attack, 12 percent dealt with credential theft and 8 percent suffered a man-in-the-middle attack. In spite of these figures, barely 53 percent of IT security executives noticed significant changes in password management or corporate account protection strategies. What’s worse, is they reuse passwords for an average of 12 workplace accounts.
BYOD practices open the door for more risks. While some 55 percent of IT security professionals are allowed to use their personal mobile devices at work, 62 percent say there are no extra security measures implemented by their companies to secure data on mobile phones. As many as 56 percent of individuals that use personal devices to access corporate accounts or information have not activated two-factor authentication.
Password exchange is a major problem, according to 49 percent of IT security professionals and 51 percent of individuals who confirmed sharing their business accounts’ passwords at work with other team members. As if that was not already a major risk, 59 percent of professionals haven’t adopted a password management system and prefer to stick with human memory, while 42 percent rely on sticky notes to writes down passwords.
While a general concern and interest were expressed in protecting customer information and personally identifiable information, 59 percent of security professionals confirmed their customers had been exposed to successful account takeover incidents. Although aware of security risks, 25 percent say their businesses will not roll out a security layer such as two-factor authentication for their customers because 60 percent trust traditional usernames and passwords to be secure enough. An additional 47 percent will not activate two-factor authentication because they feel it would interfere with customer experience and by adding an additional layer for login, the process might interfere with a seamless experience.
However, even though they might deploy two-factor authentication, their chosen layers are not secure enough, the report warns. The survey found that SMS codes (41 percent), backup codes (40 percent) or mobile authentication apps (37 percent) are the top methods companies use to secure customer accounts. SMS and mobile authentication apps were called inconvenient by 23 percent of individuals, who consider security (56 percent), affordability (57 percent) and ease of use (35 percent) crucial in their experience.
The report is based on feedback from over 2,000 IT and IT security professionals in Australia, France, Germany, Sweden, United Kingdom and United States, and 563 individual users.