Hackers don’t break in – they log in

We have talked about this often: passwords are by far the weakest link when it comes to security today. 81% of successful attacks involve lost, breached or re-used passwords.

Another fairly current article makes the same point, even when it comes to industrial espionage in the times of COVID-19: State-linked hacking continues amid race for coronavirus treatment, US and UK agencies warn. And if you look into it, the attackers use – well – password spray attacks. This is a well-known attack that is fairly hard to detect on-prem.

In this context it is really, really time to move to multi-factor authentication or even go completely passwordless: Protect your accounts with smarter ways to sign in on World Passwordless Day.

If you listen to our CISO Bret Arsenault and our CVP Identity Joy Chik in this interview, they make a few remarkable statements about the journey we had:

  • Biometric authentication is the future (which is obvious).
  • But in this context, never ever store biometric information centrally, only locally on devices. This mitigates the risks and combines security and privacy.
  • With technologies like Windows Hello for Business and any FIDO2 device, you get higher cost for attackers, more productivity and less cost (Bret gives some figures).
  • Last but definitely not least, a lot of companies make the mistake of feeling that things like “Zero Trust” or “Passwordless” are projects to roll out. They are not; it is a journey. Start with the high-value accounts first, start with better password hygiene first (Azure AD can help tremendously there) and then go in the direction of MFA and passwordless.

Start the journey today! It is not only worth it – it is desperately needed.


*** This is a Security Bloggers Network syndicated blog from Roger Halbheer on Security authored by Roger Halbheer. Read the original post at: https://www.halbheer.ch/security/2020/05/08/hackers-dont-break-in-they-log-in/