Connect with Us!
Subscribe to receive new blog post from PureID in your mail box
While password management companies are fighting with each other, the bottom line of major incidents in 2022 is - Passwords are the biggest risk even if you are storing them with Lastpass or any other password manager.
As industry is adopting Zero Trust Architecture, the time is right to #GoPasswordless. In this first blog of the year, we at PureID present 3 strongest points to make your organisation password free in this brand new year 2023.
We have seen Uber getting breached due to MFA bypass and social engineering attacks. Stored credentials stolen from Okta & Twilio were exploited by 0ktapus hacking group, triggering serious supply chain attacks with a blast radius extending to 130+ organisations.
In another incident, credentials phished from DropBox resulted in unauthorised access of 130+ github repositories.
A well designed passwordless authentication solution is a must if you are looking for authentication solution resistant to social engineering & phishing attacks
When you are taking the next flight, you must appreciate the multiple checks that are carried out at the airport as part of Zero Trust Security Model. Not just the traveller's identity is verified, but each and every piece of luggage you carry is checked for possible risk that can aboard the plane.
When a user authenticates to access an enterprise service or network, the traditional solutions stop at the user's Identity verification. The risk coming from the connecting user’s device is not verified. In another incident involving Okta again, the customer support executive of Sykes, connected to Okta’s service portals with a compromised device, enabling the Lapsus$ Extortion Group to access and leak some details from Okta’s apps and system.
Most of the MFA, passwordless solutions, FIDO keys fail to provide the user’s device risk posture and hence provide incomplete security. Check how PureAUTH provides ZeroTrust Passwordless Authentication
I couldn't fix your break, so I made your horn louder - Steven Wright.
That is exactly how the industry approaches the pain of authentication. Since authentication using Passwords + MFA is painful, the applications are designed to provide session cookies that are valid for months. In recent incident with CoudSek, its employee’s Jira account was accessed with stolen session cookies.
With well designed Passwordless solutions, authentication becomes so convenient and smooth that enterprises can enforce shorter sessions and frequent authentication without putting users in any distress. The shorter session span reduces the risk of stolen cookies getting abused.
With the above points and a quick recap of last year’s incidents, we wish you all a safe & secure new year. Looking forward to be your partner in your #ZeroTrustJourney, for which the first step is #GoPasswordless.
Subscribe to receive new blog post from PureID in your mail box