IT Security - Sep 13, 2021

MFA/2FA/OTP - Secure authentication in the age of the cloud.

Employees’ identities have become the top risk factor and one thing is clear—the coronavirus pandemic has significantly increased the attack surface for cyberattacks and many businesses’ IT departments are facing an uphill battle. One risk that has been pushed back into the spotlight thanks to the trend towards working from home, is the wide-spread use of weak passwords.

written by

Team Leader Network & Security Engineers – CC-BISS

E-Mail: hans-juergen.martini@bechtle.com

This finding is now seeping through to IT decision makers in Germany and around the world. If someone gets hold of an identity, that person can then access a company’s networks, cloud platforms and application farms without attracting too much attention. Statistically, potential attackers can be in a network for anywhere between 2 weeks and several months before they launch their attack and are discovered.

Passwords – The real danger?

But what does this all mean in the context of corporate IT security?

The one thing that should secure systems by clearly identifying a user’s identity has become a serious security issue for every organisation as every password is linked to one person whose personal decisions determine how secure (or not) their authentication process. The risks posed to companies are clear when we look at the the most commonly used passwords over the last few years. Top spot goes to “123456”, followed closely by “123456789”, and then “password”. It is therefore, the human factor, that presents the best opportunities for cybercriminal attacks.

Potential attackers first objective is not to get their hands on corporate data, but to steal employees’ data. Everyone is familiar with this phenomenon thanks to globally launched and targeted phishing attacks that have filled our inboxes over the last few years.

How do I know if my identity has been stolen?

It’s not easy to say if a user has full and unique access to their identities. There are so many factors, not least technical aspects, which need to first be analysed and not every company has the technical requirements (analytics) to keep a look out for potential password theft.

There is, however, one thing that’s for sure and that is that people and a lack of awareness contribute to user IDs and passwords falling into cybercriminals’ hands.

The impact of a lack of authentication processes.

Affected companies and brands not only have to handle the damage done to their image and reputation, especially in compliance-critical industries such as the financial sector or businesses working in critical industries, but may also be hit by severe fines. And that doesn’t even take into account the threat of being blackmailed by attackers. There are then, plenty of reasons why passwords can actually negatively impact corporate security and therefore become inefficient as a method of authentication.

A strong password The first line of defence.

For many accounts, a strong password remains the first line of defence against attacks from the net. However, from today’s perspective, this falls well short and is something that needs to be discussed by IT organisations. Complex passwords are hard to remember and, depending on businesses’ password policies, are often insufficient to withstand brute force attacks such as password spraying or keyloggers.

What to do when a strong password falls short.

Identity and Access Management (IAM) is critical for the securing hybrid multi-cloud businesses.

The solution today is in the establishment of Identity and Access Management (IAM). One aspect of IAM is the principle of multi-factor authentication which sees users having to use a password plus another method of authentication. Multi-factor authentication (MFA) is a security mechanism that allows people to be authenticated by using more than one security and validation process. In other words, you don’t just enter your user ID and password, but also another unique identifier in order to successfully authenticate yourself and gain access to the on-premise data centre or corporate cloud. This form of authentication increases security when compared with systems that only require the use of a password. In principle, there are four types of authentication process based on possession, knowledge, location and biometric factors.

For example, users have a device they have already been authenticated on, know a password, are logging in from a location with a certain IP address, have a unique fingerprint or are additionally recognised by Face ID. A combination of these is normally enough to ensure that the person attempting to access company resources is really the person they say they are. The more sophisticated the MFA, the more secure access will be to sensitive systems (on-premise or cloud), but user-friendliness shouldn’t be forgotten in the process and this is why additional features such as single sign-on (SSO) play a not insignificant role when it comes to making the working lives of employees in the digital world as easy as possible, but as secure as necessary.

Summary.

Multi-factor authentication enables maximum user-friendliness because biometric processes such as facial recognition and fingerprints don’t require a lot of time and effort on the part of the employee because they are designed to be simple. At the same time, the use of MFA increases protection against unauthorised access as users tend to prefer avoiding more complex, manual processes. As a result, MFA makes it more difficult to steal an identity and that is especially important when it comes to confidential activities such as bank transfers, payments and access to sensitive information.

The benefits of MFA:

  • Optimised security through a combination of different authentication processes (e.g. possession, knowledge, location, biometrics)
  • Increased user-friendliness with biometrics (e.g. Fingerprint, Face ID, single sign-on)
  • More flexibility when it comes to protecting corporate resources (on-premise/cloud)
  • More difficult to steal identities.

The trend away from using traditional passwords and the risks associated with them towards multi-factor authentication is set to continue. The current global movement towards more teleworking is greater growing market opportunities for MFA solutions. As a culture of mobile working gains a foothold in many organisations, it’s more important than ever to provide employees the tools and resources to work securely online—both privately and professionally.

How and which technologies can be leveraged to secure your identities are best discussed with our specialists in the BISS (Bechtle Internet Security and Services) Competence Centre.

You can also get in touch with us directly via e-mail at

hans-juergen.martini@bechtle.com

or

security@bechtle.com

Share article

Published on Sep 13, 2021.