Most organizations switched to work from home hastily last year due to the mayhem caused by the Covid-19 pandemic, often leaving the doors open for malicious elements to come in and infect the corporate resources.
As work from home increased by 5 times when compared to the pre-Covid days, cyberattacks surged by a whopping 260%. In most of the cases, cyberattacks were carried out by stealing user identities or exploiting the poor (or lack of) user authentication mechanisms. Deloitte reports that the three-month span between February 2020 and May 2020 alone saw as many as 500,000 people being affected by data breaches, while the US government reported a 3,000% increase in identity theft attempts due to the Covid situation.
This unprecedented surge in identity theft and authentication-related cyberattacks demands a new security approach, particularly in industries like BFSI, Healthcare, Pharma, PSUs, which are heavily regulated and work with highly sensitive data. Thus, CTOs, CIOs and CISOs need to take a relook at their organizations’ authentication mechanism, to guarantee uninterrupted business operations and strict regulatory compliance while keeping malicious forces at bay.
Passwords – Not secure enough anymore
Passwords is one of the most conventional mechanism used to protect user identities. But passwords, by themselves, are not considered to be secure anymore. In “passwords-only” security model, access is provided based on “what you know” and anyone who knows the password of a user can gain corporate access. Thus, a password-based access doesn’t guarantee that the person who logged in, is the real user. Identity thefts and credential sharing are also increasing, rendering “passwords-only” security model ineffective by the day.
Multi-Factor Authentication – A well-improved alternative
Organizations are increasingly adopting Multi-factor Authentication (MFA) to overcome the limitations of “passwords-only” authentication for preventing unauthorized access.
As part of MFA, OTPs (through SMS or email) or push notifications add a second layer of authentication on top of conventional passwords, minimizing the chances of security breach or identity theft. OTP- or push-notification-based authentication improves the security by verifying “what one possesses” (phone, PC or laptop), along with “what one knows” (password).
Nevertheless, OTP-based MFA is still not foolproof. User’s PC, laptop or phone might get compromised or stolen. Also, from a ‘user experience’ point-of-view, delay in receiving OTPs, or mistyping OTPs may result in suspension of access permissions.
While OTP-based MFA can be considered secure enough for those who are not working with critical data or sensitive information, it is certainly not the ideal authentication mechanism for those who work with valuable information and always remain connected to corporate networks.
Biometrics-based MFA – The best of both worlds
Biometrics-based authentication, like usage of facial verification or fingerprint verification, overcomes the limitations of typical OTP or push notifications-based authentication by essentially providing authentication based on “who you are”. It ensures absolute certainty before granting or denying access as hardly any tampering can be done to ‘Who you are’. Also, it results in significantly improved user experience by overcoming the limitations of OTP or push notifications -based authentication as it does not need users to type in OTPs, nor do they need to have any other device handy.
Continuous authentication – The way to go
Continuous biometric authentication – facial verification that keeps taking place on a rolling basis, once every preset time interval (say every 15 minutes) and locks out the user when the authentication fails – goes one step further in preventing unauthorized access and ensuring top notch security. It is also capable of preventing shoulder surfing. Apart from the first authentication that takes place when the user logs in, all subsequent facial verification happens behind the scenes, leaving the user unaware of the periodical authentication process. Thus, continuous authentication systems provide best-in-class security while enriching user experience, when compared to conventional OTP-based MFA systems.