Strong authentication is vital to secure all access from the Internet. Requiring an additional step to verify one’s identity is all it takes to prevent someone from just guessing credentials or leveraging compromised credentials sold on the black market. For instance, many companies like Apple and Bank of America have taken measures to help their users address the risk of account takeover by giving them the option to enable a form of multi-factor authentication (MFA) to secure access to their accounts. Although this is a move in the right direction, MFA remains opt-in for understandable reasons, so users must still take action to participate. In an enterprise setting, however, businesses should not hesitate to make strong authentication a requirement and should make it a priority to understand all points of access where strong authentication should be implemented.
Thycotic’s annual survey of participants at the February 2017 RSA Conference in San Francisco found that 50% of users haven’t changed their social network passwords for a year or more, and 20% have never changed their passwords. Although these stats pertain to social media, they provide insight into general password security behavior. Additionally, if and when a social network site is compromised, those credentials are usually sold on the black market, where they can in turn be used to brute-force other points of access. In fact, according to a DailyMail.com article posted on Oct. 1, 2018, Facebook logins are now for sale on the dark web for just $3.90 each, just days after Facebook learned about a breach that affected 50 million user accounts. If a user tends to use the same password for the corporate credentials that access client remote access VPN services, application control planes, or cloud-based applications, this poses a significant risk to the business. However, how can a business know whether its users are practicing such behavior?
The more we embrace the cloud and the more connected we become via the Internet, the more we expose ourselves to risk and increase our attack surface. This is a significant vulnerability that affects every business that relies on the security of a username and password, especially for Internet-accessible applications and services. Making strong authentication a requirement for all access is truly the de facto standard in our day and age. There are many great options for multi-factor authentication, ranging from traditional One-Time Passwords to push verification via mobile apps, which has become very popular because its ease of use and simplicity make users more likely to adopt it. Let common sense be your guide – passwords alone are just not good enough these days, and history has plenty of examples as to why.
At Computex, we highly recommend strong authentication to all our customers to improve their security posture and effectively mitigate the risks of account compromise. Identity and Access Management is one of our core cybersecurity managed services that provides our customers essential security features such as multi-factor authentication, single sign-on, and identity lifecycle management allowing them to safely embrace the cloud and take their business to all new heights. Learn more about Computex’s Cybersecurity capabilities by going to: https://www.computex-inc.com/cyber-security/