The Current Authentication Landscape
To authenticate a user means to verify that the user is genuine. Classically, the way to authenticate a user is to request their login credentials and ensure those credentials match the credentials stored in your directory service or authentication server. The full history and background of authentication is more complex, but that’s the gist of it.
The need to ensure users are who they claim to be is critical in the context of today’s hybrid IT infrastructures. Organizational data and apps often exist outside the traditional corporate network perimeter in public cloud services. Furthermore, employees, business partners and contractors are accessing IT resources from home or public locations.
Many security professionals say that identity is the new perimeter. This claim about identity extends to devices and applications, but securing machine identities is another topic altogether. If identity is the new perimeter, then making authentication as secure as possible is paramount to protect your critical assets, including sensitive data about customers and intellectual property.
Why Passwords Aren’t Enough
In an ideal world, passwords would be sufficient to authenticate users and ensure that they are genuine. Unfortunately, passwords are susceptible to theft, often through poor password hygiene. Whether it’s reusing multiple passwords across different applications or not creating secure enough passwords to begin with, password theft is rife.
To understand how easy it is to steal a password, consider a study that looked at over 15 billion passwords. The results of this study revealed that the top four most commonly used passwords were:
- 123456
- 123456789
- qwerty
- Password
These passwords are all incredibly easy to guess even for a beginner cybercriminal looking to access a corporate network. This is confirmed by the fact that 80% of hacking incidents stem from stolen credentials or passwords guessed using brute force tactics.
How MFA Can Help Prevent Data Breaches
Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers
![Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers by [National Institute of Standards and Technology]](https://m.media-amazon.com/images/I/410kkIFIBlL.jpg)
