One of the drumbeats you may have heard us sounding lately is the danger of credential compromise. Breached passwords unlock a treasure trove of company resources, and it’s an area of attack that has become increasingly dangerous.
According to Verizon’s Data Breach Investigations Report (DBIR), phishing emails that target user credentials have become the most prevalent of all types of phishing.
These emails will generally trick the user into thinking they are signing into an account they use, such as a file-sharing app like Google Drive or OneDrive. The login form will even look identical to one the user may see on the legitimate site, but it will be a clever fake. As soon as the user logs in, the hacker deploys an automated attack using those credentials. Even if the user realizes a few minutes later and changes their password, it’s often too late.
Password security is one of those problems that are difficult to solve because of the human element. People will naturally gravitate towards making easy-to-remember passwords, and often store them in unsecured ways – such as a phone’s contact app or in an unprotected spreadsheet on their PC.
62% of employees will share passwords through an unsecured email or text message. 49% of them store passwords in unprotected text documents.
These are just a few examples of the challenge of enforcing good password practices.
Another problem with passwords is that they can be compromised outside your company. Even if you have a handle on password security at your company, a vendor that stores your employees’ passwords for its site may have a breach of its database, exposing passwords that may be used in other accounts as well.
For example, one large breach that impacted 23 million user accounts, many of them small businesses, happened to CafePress, a site that allows you to upload your logo and print personalized items. About 44% of people admit to reusing passwords across personal and work accounts, so one site breach can mean multiple accounts are in danger.
All of the above are just some of the reasons that passwordless security is becoming a cybersecurity standard.
What Is Passwordless Security?
Passwordless security is a new approach to account access that bypasses the username and password combination that we’ve all become used to. One form of passwordless security is a fingerprint scan, like you may have used if you have an iPhone.
While biometrics are nice, they are not always feasible for many companies when it comes to logging in to their various cloud accounts, because each user would need a physical device that could scan a biometric. Some users also may not be comfortable with this.
Other forms of passwordless security used by TraitWare (a company that Connect2Geek partners with) include contextual information that may be included on approved devices, as well as things like QR codes that can be scanned and are not as personal as a facial or fingerprint scan.
What’s in a name? Why is it called “Trait”Ware?
The TraitWare passwordless security application uses user and device traits to verify access rather than passwords, which we know can be easily breached. Let’s take a look at how this could work to secure user login.
Say a user is trying to access a business cloud tool. TraitWare will look at several factors in combination to match that user with the user that is supposed to be logging in.
The person will type in their name and phone number. Then to verify, TraitWare can look for certain song titles on their personal device. These would be titles that were input when the system was first set up to verify the user.
Beyond that, it can look for the device operating system (is someone logging in from the device that’s been registered?), the device name, and the mobile network code that has been pre-registered.
If the designated factors all pass the verification (which takes just a split second), the user is granted access.
A cybercriminal is not going to be able to replicate all those verification traits, which is what makes passwordless security such a critical standard to use for account security.
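The all-factors-must-pass check described above, sketched as an added example: this is not TraitWare's code, and the trait names, record layout, function names and sample values are assumptions. It enrolls a device's traits as salted digests and grants access only when every designated trait matches.

```python
import hashlib
import hmac
import os

# Trait names mirror the factors the article lists; the record layout,
# function names and sample values are assumptions for this sketch.
REQUIRED_TRAITS = ("song_titles", "device_os", "device_name", "mobile_network_code")


def _normalize(value):
    """Canonical text form; lists such as song titles ignore order and case."""
    if isinstance(value, (list, tuple, set)):
        return "\x1f".join(sorted(str(v).strip().lower() for v in value))
    return str(value).strip().lower()


def _digest(salt, name, value):
    """Salted HMAC of one trait, so the raw value is not stored server-side."""
    msg = name.encode() + b"\x00" + _normalize(value).encode()
    return hmac.new(salt, msg, hashlib.sha256).digest()


def enroll(traits):
    """Build the stored record at setup time; every designated trait is required."""
    missing = [n for n in REQUIRED_TRAITS if n not in traits]
    if missing:
        raise ValueError(f"missing traits at enrollment: {missing}")
    salt = os.urandom(16)
    return {"salt": salt,
            "digests": {n: _digest(salt, n, traits[n]) for n in REQUIRED_TRAITS}}


def verify(record, presented):
    """True only if all traits match; checks every trait, reveals no detail."""
    ok = True
    for name in REQUIRED_TRAITS:
        present = name in presented
        got = _digest(record["salt"], name, presented.get(name, ""))
        match = hmac.compare_digest(record["digests"][name], got)
        ok = ok and present and match
    return ok


# Constructed sample data, not taken from any real device.
ENROLLED = {"song_titles": ["Blue Monday", "Heroes"], "device_os": "iOS 17.4",
            "device_name": "Dana's iPhone", "mobile_network_code": "260"}
RECORD = enroll(ENROLLED)
```

Traits such as an OS version or network code are low-entropy, so the salted digests only avoid storing raw values; they do not make the traits hard to guess if the record leaks.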
How Passwordless Security Works with a Password Manager
So, how do you use passwordless security to access all those various cloud accounts and keep them secure?
It’s through a combination of protections and automation that allows a high standard of security without inconveniencing users or slowing them down by making logins take longer.
TraitWare works alongside Keeper Security’s password manager, which is an encrypted and secure password storage vault.
The system can be connected to multi-factor authentication (99.9% effective at stopping breaches) as well as a single sign-on (SSO) solution, which means users log in once to access all business tools.
While all those layers may sound complicated, they’re really not, because the entire system is automated. We can show you how!
Adopt Passwordless Security & Reduce Cloud Account Risk
Connect2Geek will be providing this new passwordless technology to all Protect IT Plus plans. For any Treasure Valley businesses that would like to improve the user experience while mitigating the risk of a cloud breach, we can help.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.