The password has expired – Cetus can help you to change it.
Passwords suck. IT knows it, end-users know it, and the bad guys know it. Passwords can be shared, forgotten, stolen, brute-forced, written down and given away.
As IT, we’ve worked hard to make passwords long enough, but the truth is they’re no longer enough. The IT world has tried to improve passwords: we’ve forced users to remember (or write down) ever more complex passwords and we’ve demanded users change their passwords more frequently. Despite best intentions, this has done little to improve security and has instead served simply to degrade the user experience.
It’s not just users who are fed up with passwords. Our IT helpdesks are flooded with calls asking for help with passwords, and they’d like to see the back of them too.
Thankfully, in the last few years multi-factor authentication has become commonplace. Although not yet ubiquitous, it goes a long way to bettering the security posture.
While adding additional authentication factors has improved security, it’s only worsened the user experience. Everything that’s wrong with passwords continues, but now we expect even more of the user.
Second-factor authentication can often be frustrating: waiting for codes to be delivered, typing them in from secondary devices before they expire and being frustrated by a lack of connectivity for push-based authentication are all common pains. What’s more, the most common methods for second-factor authentication are often vulnerable to social engineering or man-in-the-middle attacks.
Aside from any inherent security concerns, the war on usability is in itself a security risk. Your users, as human beings, will do whatever they can to make their lives easier, even if that means finding ingenious ways to circumvent security.
So how do we make authentication both convenient and secure? A great start would be to replace the password with something stronger, something that can’t be shared, guessed, phished or stolen.
Passwordless authentication using biometrics, PIN and public/private key cryptography is being integrated with services everywhere using new standards such as WebAuthn and FIDO2.
These standards are designed to replace passwords with biometrics and devices that people in your organisation already use, such as security keys, smartphones, fingerprint scanners, or webcams. Together, biometrics and device-based authentication provide more secure two-factor authentication and a much-improved user experience.
Using these standards, we can achieve the golden triangle: authentication which doesn’t compromise on interoperability, usability or security. We can deliver authentication which provides interoperability across many services, a great user experience with intuitive sign-in and sign-up, and high security using long-standing principles integrated with strong user privacy.
What’s more, we can provide contextual authentication, challenging the user for the appropriate authentication mechanisms relative to the risk they present. That risk is not just based on location, but on real-time security scores based on who they are, what they’re doing and where they are, informed by complex security graphs based on dozens of signals.
Authentication has come a long way. Talk to Cetus today to find out what’s new in authentication and how it can deliver a great user experience, best practice security and the scalability and interoperability to use it anywhere and everywhere.
Credit: Sam Mulhearn – Solutions Architect, Cetus Solutions