Do you know what Adobe, Apple, Sony, Yahoo and Twitter have in common? Hint: Yes, they are mega-companies making hundreds of millions of dollars annually, but that’s not it. Answer: They’ve all been hacked by cybercriminals who breached passwords. That’s right — passwords. How do they do it? How do hackers guess passwords containing uppercase letters, lowercase letters, numbers and symbols? Do they spend their every waking moment trying out new combinations? Are they psychic? It’s actually easy for expert hackers to guess passwords, especially if they are weak passwords such as “12345” or “letmein.” To breach stronger passwords, hackers use password “crackers,” or software that repeatedly creates millions of letter/number/symbol combinations until the correct password is found. One type of password attack is the “dictionary” attack. The other is a “brute force” attack. Dictionary attacks use software that scans huge word files until the correct password is detected. Brute force attacks scan lists of virtually every possible password character. Although brute force attacks may take ten times as long as a dictionary attack, it’s inevitable that targeted password authentication processes will be thoroughly breached.
The Power of Multi-Factor Authentication — What It Is and How to Use It
Multi-factor authentication (MFA) should be part of all identity management programs designed to protect networks from devastating security breaches. Any information inputted before entering a computer system that is meant to authenticate, or prove someone is who they are, is considered authentication. Most authentication methods involve one item only — a password. Hackers rejoice when they discover a bank or company account is “protected” with passwords, since either a dictionary or brute force attack will ultimately give them access to sensitive information, cash, identities or, unfortunately, all three. With multi-factor authentication, hackers must crack several layers of security protected by multiple authenticators that include PIN numbers, strong passwords, physical tokens such as debit cards requiring PINs or smartcards and/or unique, biometric identifiers such as retina or fingerprint scans.
Higher Level of Assurance
Multi-factor authentication brings something to the table that primitive password use does not — a quantifiable measurement called higher level of assurance, or LoA. High LoAs mean that hackers must break through several layers of security, not just one. Google offers further delineation of LoAs in relation to e-government transactions:
- Level of Assurance 1: Minimal confidence in the validity of someone’s identity — hackers breaching passwords, for example
- Level of Assurance 2: Some confidence in the validity of an identity — may or may not be a hacker
- Level of Assurance 3: High confidence in the validity of an identity — supported by multi-factor authentication
- Level of Assurance 4: Very high confidence in the validity of an identity — supported by multi-factor authentication
Currently, the most popular form of multi-factor authentication used by larger companies and government agencies is token-based MFA due to its affordability, ease of use and higher level of assurance.
Synchronous and Asynchronous Tokens
Synchronous means that only one thing can be executed one at a time, while asynchronous means that multiple commands can be executed at one time. Examples of multi-factor authentication tokens are ATM cards, smartcards, key fobs, cell phones or software.
Synchronous tokens are powered by event triggers or clocks kept in sync with an authentication system. Users generate codes by viewing their tokens at the same time they authenticate themselves or by pressing buttons on certain tokens to generate codes.
Asynchronous tokens are also called Challenge/Response tokens. They do not need event counters or internal clocks to operate. Instead, the authentication process sends a challenge — short string of letters/numbers — which the user must enter into the token to generate a response.
By maintaining associations of tokens with each user, authentication systems “know” the unique configurations installed on each token. This ensures token codes generated have come exclusively from a specific token.
Smartcard, Radio Frequency Identification and Biometric Multi-Factor Authentication
Commonly used smartcards include ATM cards, debit cards and credit cards containing computer chips that store identity information on a magnetic strip. Biometrics are advanced forms of MFA that scan fingerprint or retinal symmetries or analyze voice patterns to confirm someone is who they say they are. Radio-frequency identification uses a device to detect the presence of a token in a person’s possession.
Single Sign-On for Identity Management
With the ability to streamline company processes by providing customers and employees with easy yet secure access to systems, single sign-on is a powerful type of identity management that is rapidly making the transition to the cloud. SSO allows businesses to provide one-click access while managing identities and enforcing directory policies. In addition, SSO applications eliminate password sprawl and offer higher LoAs with MFA. Companies secured by SSO can also terminate accounts instantly over all applications and eliminate the need for users to remember several different credentials, which usually results in replicated passwords and a compromised system.
Multi-Factor Authentication — A Best Practice Standard for Stopping Security Breaches
These facts underscore the benefits of MFA and SSO that are critical to any company’s long-term success and integrity:
- Identity theft is more profitable today than drug crimes and represents the fastest-growing global crime.
- Over 1.5 million records containing ID information and sensitive data were breached by cyberthieves every single day in 2013.
- Contrary to common belief, hackers do not exclusively focus on attacking banking and retail industries. Transportation, utility and manufacturing organizations of all sizes are attractive to hackers, especially since many of them fail to implement multi-factor authentication practices within their network.
- Once they’ve accessed a network, hackers can steal information, change programs, destroy important data, infect systems with malicious codes and even spread damaging propaganda to customers, employees and contractors.
Take Proactive Action Now Before Disaster Strikes
Optimal IdM, LLC is a global provider of effective identity management business solutions focusing on multi-factor authentication and single sign-on implementation. We provide professional assistance for businesses that want to remain proactive regarding the security of their computer networks and customer base. With hackers constantly developing covertly sophisticated methods for infiltrating businesses, your present security processes are probably outdated and ineffective. Learn more about why your company may be at risk for suffering a cyberattack by contacting us today.