Why use OneAdvanced Identity and MFA?
Do you take the security of your Clients seriously?
As we operate in a global, interconnected, complex world, people can logon with multiple devices, from multiple locations, to numerous applications and services. The one constant in all of this is the identity i.e. the user logging on.
Zero Trust
What is Zero trust and how does it help secure our identities?
- Zero Trust is a security strategy, not a product or a service. It moves away from a trust-by-default perspective to trust-by-exception.
It has the following set of security principles:
- Verify explicitly
- Use least privilege access
- Assume breach
To secure our identities with Zero Trust, we should:
- Verify that identity with strong authentication
- Ensure access is compliant and typical for that identity
- Follow least privilege access principles.
From passwords to MFA
Passwords/password authentication remain the default method of authentication for a huge range of services, both at work and home because it is cheap, easy to implement, and well understood by users.
The average user has many online accounts, creating different passwords for all of them (and remembering them) is hard. Inevitably, users will devise their own strategies to cope with ‘password overload’. This includes using predictable patterns to create passwords or re-using the same password across different systems. Attackers exploit these well-known coping strategies, leaving our customers and organisation vulnerable.
- Research from Google found 52% of passwords are reused across accounts.
- Data from FIDO indicates that passwords are the root cause for over 80% of breaches.
How does additional authentication (MFA) help?
- Passwords can be stolen in several ways, but the most common is when an organisation holding account details suffers a data breach. Criminals will use passwords stolen in the breach to try and access other accounts; a technique known as 'credential stuffing'. It works because many people use the same password for different accounts.
- Criminals may also use phishing techniques (e.g. email, text message or direct messages/chat) to try and access accounts, or simply try the List of the most common passwords - Wikipedia
- Unless we implement an additional method of authentication, criminals can use stolen credentials to access users' accounts fraudulently. This might give them access to sensitive personal data (including financial data such as credit card details) or allow them to impersonate a user to carry out harmful actions.
- MFA reduces the risk of compromise by 99.2 percent.
