Do you know what Adobe, Apple, Sony, Yahoo and Twitter have in common?
Hint: Yes, they are mega-companies making hundreds of millions of dollars annually, but that’s not it.
Answer: They’ve all been hacked by cybercriminals who breached passwords.
That’s right — passwords.
How do they do it? How do hackers guess passwords containing uppercase letters, lowercase letters, numbers and symbols? Do they spend their every waking moment trying out new combinations? Are they psychic?
It’s actually easy for expert hackers to guess passwords, especially if they are weak passwords such as “12345” or “letmein.” To breach stronger passwords, hackers use password “crackers,” or software that repeatedly creates millions of letter/number/symbol combinations until the correct password is found. One type of password attack is the “dictionary” attack. The other is a “brute force” attack. Dictionary attacks use software that scans huge word files until the correct password is detected. Brute force attacks try virtually every possible combination of password characters. Although brute force attacks may take ten times as long as a dictionary attack, it’s inevitable that targeted password authentication processes will be thoroughly breached.
The Power of Multi-Factor Authentication — What It Is and How to Use It
Multi-factor authentication (MFA) should be part of all identity management programs designed to protect networks from devastating security breaches. Any information inputted before entering a computer system that is meant to authenticate, or prove someone is who they are, is considered authentication. Most authentication methods involve one item only — a password. Hackers rejoice when they discover a bank or company account is “protected” with passwords, since either a dictionary or brute force attack will ultimately give them access to sensitive information, cash, identities or, unfortunately, all three. With multi-factor authentication, hackers must crack several layers of security protected by multiple authenticators that include PIN numbers, strong passwords, physical tokens such as debit cards requiring PINs or smartcards and/or unique, biometric identifiers such as retina or fingerprint scans.
Beyond The Password: Identity and Access
SSO: A Result of Federation
Single Sign-On for Identity Management
With the ability to streamline company processes by providing customers and employees with easy yet secure access to systems, single sign-on is a powerful type of identity management that is rapidly making the transition to the cloud. SSO allows businesses to provide one-click access while managing identities and enforcing directory policies. In addition, SSO applications eliminate password sprawl and offer higher LoAs with MFA. Companies secured by SSO can also terminate accounts instantly over all applications and eliminate the need for users to remember several different credentials, which usually results in replicated passwords and a compromised system.
Authentication vs. Authorization
Buyer’s Guide to Multi-Factor Authentication
The Benefits of MFA
Higher Level of Assurance
Multi-factor authentication brings something to the table that primitive password use does not — a quantifiable measurement called higher level of assurance, or LoA. High LoAs mean that hackers must break through several layers of security, not just one.
Google offers further delineation of LoAs in relation to e-government transactions:
Currently, the most popular form of multi-factor authentication used by larger companies and government agencies is token-based MFA due to its affordability, ease of use and higher level of assurance.
Your Environment Determines Your Solution
The Tactical Approach to MFA
Typing Biometrics and Other Multi-Factor Authentication Methods
Synchronous and Asynchronous Tokens
MFA tokens can be ATM cards, smartcards, key fobs, cell phones or software. Synchronous tokens are powered by event triggers or clocks kept in sync with an authentication system. Users generate codes by viewing their tokens at the same time they authenticate themselves or by pressing buttons on certain tokens to generate codes.
Asynchronous tokens are also called Challenge/Response tokens. They do not need event counters or internal clocks to operate. Instead, the authentication process sends a challenge — a short string of letters/numbers — which the user must enter into the token to generate a response.
By maintaining associations of tokens with each user, authentication systems “know” the unique configurations installed on each token. This ensures token codes generated have come exclusively from a specific token.
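The sketch below is an added example, not code from the original article or from any vendor it mentions. It shows server-side verification for both token families, using HOTP (RFC 4226) and TOTP (RFC 6238) as concrete instances of event- and clock-synchronous tokens and an illustrative HMAC-based challenge/response for the asynchronous case. The user name, the secret (the RFC 4226 test value) and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed sample data: the per-user token secret the server keeps on file.
# This is the RFC 4226 test-vector secret, not a real credential.
TOKEN_SECRETS = {"alice": b"12345678901234567890"}
STEP = 30  # seconds per TOTP time step

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-synchronous code (RFC 4226): HMAC-SHA1 over a shared counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """Clock-synchronous code (RFC 6238): HOTP over the current time step."""
    return hotp(secret, int(now) // STEP, digits)

def verify_totp(user: str, code: str, now: float, drift_steps: int = 1) -> bool:
    """Server side: accept the current step plus or minus a small clock drift."""
    secret = TOKEN_SECRETS.get(user)
    if secret is None:
        return False
    current = int(now) // STEP
    for delta in range(-drift_steps, drift_steps + 1):
        counter = current + delta
        if counter >= 0 and hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
            return True
    return False

def new_challenge() -> str:
    """Asynchronous token: the server issues a fresh random challenge per login."""
    return secrets.token_hex(4)

def token_response(secret: bytes, challenge: str, digits: int = 6) -> str:
    """What the token computes after the user keys in the challenge."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)

def verify_response(user: str, challenge: str, response: str) -> bool:
    """Server side: recompute the response with the secret tied to this user."""
    secret = TOKEN_SECRETS.get(user)
    if secret is None:
        return False
    expected = token_response(secret, challenge)
    return hmac.compare_digest(expected.encode(), response.encode())
```

The drift window in `verify_totp` is what "kept in sync" costs in practice: a wider window tolerates more clock skew but keeps each code valid for longer.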
Smartcard, Radio Frequency Identification and Biometric Multi-Factor Authentication
Commonly used smartcards include ATM cards, debit cards and credit cards containing computer chips that store identity information on a magnetic strip. Biometrics are advanced forms of MFA that scan fingerprint or retinal symmetries or analyze voice patterns to confirm someone is who they say they are. Radio-frequency identification uses a device to detect the presence of a token in a person’s possession.
Rule-Based Multifactor Authentication
Risk-Based Policy — Adaptive Authentication
Better Biometrics Through Your Keyboard
Multi-Factor Authentication — A Best Practice Standard for Stopping Security Breaches
These facts underscore the benefits of MFA and SSO that are critical to any company’s long-term success and integrity:
Best Practices for More Secure Authentication