MFA and passwordless authentication effective against growing identity threats
A new identity security trends report from the Identity Defined Security Alliance (IDSA) highlights the challenges companies continue to face in securing a rapidly growing number of identities and approaches toward security and digital identity. A press release says the 2024 report shows that 90 percent of organizations experienced an identity-related incident in the past year, with 84 percent reporting a direct impact on business – up from 66 percent in 2023.
“As the number of identities increases (identity sprawl), more businesses are suffering identity-related incidents and are identifying securing them as a top priority,” says the report. “We continue to see that securing these identities remains a significant challenge, and security outcomes remain a large work in progress.”
Other key findings underline the important role that digital ID and credentialing plays in security for businesses. Managing and securing digital identities is named as the number one priority for 22 percent of businesses. Solutions-wise, 81 percent of identity stakeholders see passwordless authentication as a good way to address identity issues, while 37 of respondents said implementing multi-factor authentication (MFA) for all users could have prevented or minimized the effect of incidents.
“Identity-related incidents are on the rise, emphasizing the need for strong identity security measures,” says Executive Director of IDSA, Jeff Reich. “Many of today’s major breaches result from sophisticated phishing and social engineering attacks or not having multi-factor authentication. These incidents not only impact operations, they cost a fortune. And they can also lead to significant drops in stock prices and lasting reputational damage.” Reich says that as identity threats become more severe, organizations need to strengthen their identity security frameworks, or risk falling victim to fraudsters.
Hypr provides risk-based access control for CrowdStrike
In a release, identity assurance firm Hypr announced the integration of its FIDO-certified MFA into the CrowdStrike Falcon extended detection and response (XDR) platform. Boasting Falcon’s high-fidelity security telemetry, plus the capability to factor device posture information and user risk signals into monitoring along with identity provider, web and browser risk-engine verification data, the deployment promises to enable “contextual access decisions” that reduce identity-related risks while making login more efficient for trusted devices and users.
“We are empowering organizations to implement truly risk-based access control, granting seamless access to trusted users while automatically mitigating risks associated with compromised devices,” says Rich Gibsen, vice president of product management at Hypr.
Cisco Duo MFA switch included biometric proximity prompt
Cisco Duo has announced that passwordless authentication for Windows Logon is now in private preview. The option is compatible with Duo Passport; “together,” says a blog from Cisco Duo, “the two capabilities deliver a true and secure single sign-on experience for the workforce right when they start their day by logging into a Windows device.”
Once users are enrolled for passwordless authentication for Windows Logon, the Proximity Push feature automatically sends a biometric prompt, which cannot be approved unless they are within proximity of the endpoint machine requesting approval. The biometric system is driven by Bluetooth Low Energy (BLE) tech, and combines with single-use cryptographic nonces for additional security.
Microsoft, Thales partnership stands firm against threats
A blog post on Security Boulevard cites a study published by Microsoft in May 2023, showing that the use of MFA in cloud deployments reduces the risk of compromise by more than 99.2 percent. “Moving from passwords to more modern authentication methods is becoming essential for organizations to protect themselves against cyber threats, improve the user experience and reduce password costs,” the blog says. “Employees, suppliers or consumers are completely overwhelmed by the proliferation of passwords to access the online services.”
Migration to multifactor authentication systems does present some challenges, however. The blog notes the issue of activating MFA for all users when some may not have mobile phones.
“Thales and Microsoft have combined their offerings to provide a more powerful and flexible solution for organizations to expand passwordless authentication everywhere,” it says. “SafeNet Trusted Access offers one of the most comprehensive portfolio of authentication methods on the market, enabling organizations to secure the variety of their users’ authentication journeys, depending on the context and devices used.”
In other Microsoft multi-factor authentication news, Microsoft Azure will require mandatory MFA beginning in July 2024. A post from Spiceworks says the rollout extends to PowerShell and Terraform, excluding Azure-hosted apps, websites, or services. MFA options include Microsoft Authenticator, SMS, voice calls and hardware tokens, and settings can be tailored based on user risk signals and other data.
Article Topics
cybersecurity | digital identity | Duo Security | HYPR | identity assurance | IDSA | Microsoft | multifactor authentication | passwordless | Thales Digital Identity and Security
Comments