A Password-less Future

A password-less future is on the horizon. The days of remembering 5 different passwords for 5 different systems are already over, and the days of using passwords at all are already numbered.

In fact, Google has already reportedcutting credential theft down to 0since enforcing their Security Key policy in early 2017. How does this future work? Are you ready to embrace it?

Credential theft from phishing emails is nothing new, but it is still the single largest threat facing most organizations. It is difficult to defend against because it relies on every employee making the right decision, every time they are presented with a phishing email. As a defender, we try to reduce risk by restricting user permissions, implementing user training, and deploying Multi-factor authentication. These security layers help defend against credential theft, but they leave the door open for attackers to evolve their techniques in the future.


How can we prevent credential theft forever?

Phishing for credentials has one goal: to trick the target into giving the attacker their username and password. The only way we can guarantee that these attacks won’t work is bynot relying on passwordsat all. That’s where a new form of multi-factor authentication, known as Universal 2ndFactor (U2F), comes in to play. U2F relies on a physical Security Key rather than a password to authenticate the user to the site they want to access. Once the Security Key is connected to the user’s account, they never have to use a password to login again.

U2F is an open source standard that was created byYubicoand Google in 2012 and has been gaining popularity ever since. The World Wide Web Consortium (W3C) began standardizing an API for web sites to manage authentication with U2F in 2016. Since then many major web service providers, including Google, Salesforce, and Duo Security have adopted the standard. Some web browsers (Chrome, Firefox, and Opera) already fully support U2F, while others (Edge, Safari) are in various stages of implementing the standard.

What can you do now?
Have a plan to centralize identity management across your organization. Google and Microsoft (depending which cloud platform you use) are common choices for this. Other companies, such as Duo Securities,OneLogin, andOktaare also popular choices. Each provider has a slightly different look and feel, so be sure to choose one that works for your users. The more sites that are protected by the same identity provider, the greater protection you will achieve by deploying U2F when it is available.

The best defense against credential theft right now is app-based multi-factor authentication. This should be deployed already, if it is not it should be the highest priority project on your technology plan. The same benefit for a centralized identity management provider applies to multi-factor authentication as well.

Working with ATS is a breath of fresh air. ATS takes our information security concerns seriously and advises us how to avoid potential pitfalls with both hardware and software. We are beyond thrilled with ATS and only wish we had selected them a year earlier.
Joseph A. AppelbaumPresident & CEO, Potomac Companies, Inc.
ATS has been our trusted partner in recent upgrades we have made to our IT infrastructure and cyber security. Their account management, project management, and technical teams have all provided top-notch service, guiding us to make informed decisions, managing timelines for multiple projects, and most of all, listening to our needs and making recommendations based on our unique work environment. During the transitions, they have kept us operating smoothly and provided quick and helpful support through their Help Desk.
Amy GavinNutrition.org
I just wanted to take a moment to reach out and thank you for the excellent service you and your team have provided with the hosted SEIM solution. AlienVault is great, but the real value comes from your partnership. The appliance would not do nearly as much for us without your monitoring and consulting services. You have always been on top of things and there for us whenever there is an incident. I feel confident in that our network is secure and I am able to report that our board and clients with full assurance.
Chris HansfordEducationWeek.org
Previous
Next

Related

ATS Employee Feature – Mukta K.

ATS will share the talent and hard work that we call our team. From help-desk and NOC, to consulting, sales, application development, and more –…

Managed Hosting & Cloud Services

We offer a wide range of tailored solutions for affordable, flexible, and secure managed hosting and top-notch support. Download Infosheet

HQ
2751 Prosperity Avenue
6th Floor
Fairfax, VA 22031
Map & Directions
Phone: 703-876-0300
NY
140 Broadway
Suite 2410
New York, NY 10005
Map & Directions
Phone: 888-876-0302
Previous
Next
Contact Us
Linkedin Twitter Facebook Youtube

© 2023 American Technology Services, LLC. All Rights Reserved. Privacy Policy

Scroll to Top