More than 80% of all hacking-related breaches in 2017 were linked to stolen or weak passwords, according to Verizon. Stolen credentials remain the favorite tool of attackers this year as well. If passwords are your best bet to keep infiltrators at bay, good luck!
It’s high time you looked at stronger authentication options to stop infiltrators right at the entry points. Check out new authentication methods such as risk-based authentication (RBA) to strengthen your business’ perimeter defenses.
Organizations that don’t keep pace with evolving authentication methods risk exposing their assets to theft and snooping.
What is authentication?
Authentication is the process of verifying the identity of a user and, by extension, of the hardware and software requesting access on the user’s behalf. Authentication solutions primarily work by checking the credentials provided by a user against a database of user information.
If the credentials match, the authenticated entity may be granted permission to use different resources based on defined rules. This process of checking whether an authenticated user has permission to access a given resource is called authorization.
Authentication and authorization come under the larger umbrella of identity and access management solutions.
Why is authentication becoming more important?
Authentication has grown in importance because of the following reasons:
Rise in cloud computing: A third party’s servers host your data when you use cloud-based apps. In public or hybrid cloud models, you’d be sharing the infrastructure with multiple tenants. While you gain cost benefits from the cloud, you give up absolute control over your data. When you don’t have complete control over what happens once someone gets in, strong authentication measures that prevent unauthorized entry in the first place should be on your priority list.
Proliferation of IoT devices: While IoT brings benefits such as automation, digital twins, and new data for you to leverage, it also adds more endpoints to your network. In simpler terms, it puts more doors on your perimeter, increasing the number of entry points for breaking in. To avoid infiltration, you’d need sentries at all doors.
5 commonly used authentication methods
Here are some of the most commonly used authentication techniques. Your business will need one or more of these to authenticate user identities.
- Passwords: Passwords are the most common and simplest authentication method. Using a password manager tool can help you store and organize your passwords. This also removes the need to remember multiple passwords and helps improve password hygiene.
- Single sign-on: Single sign-on (SSO) is an authentication mechanism that allows a user to set one password to authenticate his/her identity for accessing multiple apps/servers on a network.
- Token authentication: This method uses physical devices to authenticate and authorize people. Common forms of tokens include RFID chips, dongles, and cards. Token authentication requires a user to possess the tangible device as well as separate user credentials.
- Biometrics: Biometrics refers to an individual’s unique anatomical attributes such as retinal patterns or fingerprints. This method needs specialized scanning equipment and is costlier than other methods. But it’s a strong authentication method as no two users will have identical attributes.
- Multi-factor authentication: Multi-factor authentication (MFA) is an authentication approach that uses a combination of two or more methods discussed above.
Assess the criticality of a resource to determine what authentication method would best meet the requirements. For example, you’ll need stronger methods such as biometrics or token authentication for granting users access to your data centers while passwords may suffice for authenticating user access to your networks or software applications.
Newer authentication methods
Though traditional approaches such as passwords and biometrics will remain the bedrock of any user authentication framework, it’s important to watch out for newer approaches that can strengthen your defenses.
Most of the new authentication methods are based on the concept of “passwordless access.”
- Bring Your Own Identity: Bring Your Own Identity is a digital authentication method in which a user’s credentials (username and password) are managed by a third-party identity provider. Users can sign in to a website or application using their existing social identities such as Facebook and LinkedIn. This approach provides users with single sign-on capabilities but also raises questions about data privacy.
Figure: Bring Your Own Identity
- Certificate-based authentication: Certificate-based authentication methods use digital certificates to verify the identity of a user or device. Digital certificates are issued by certification authorities, such as Verisign or Entrust, and vouch for the validity of a digital identity. Instead of entering a username and password, the user only has to present his/her digital certificate to request access.
Figure: Digital certificate generator
- Risk-based authentication: Risk-based authentication (RBA) is an emerging authentication technology that uses user-behavior patterns, device information, and other details to authenticate a user. Machine learning algorithms are used to study user behavior such as typing habits, the time of day they log in, etc. When a person tries to access a resource, the RBA system evaluates their credentials against these parameters. Any deviation from the normal pattern requires the user to complete additional verification such as biometrics, one-time passwords, or security questions.
- Blockchain-based authentication: Authentication applications are trying to leverage blockchain’s decentralized architecture to improve identity management. Techniques such as generating a token over the blockchain and validating the token through a private key owned and held only by the intended user will help ensure that only the true owner can access a resource.
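To make the RBA evaluation described above concrete, here is an added example (not from the original article or any vendor’s product) that scores a login attempt against a learned user profile and decides whether to step up to extra verification. The profile, signal weights, threshold and sample attempts are constructed for illustration; a real RBA system would learn them from historical login data.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed baseline profile: the signals the RBA text lists (device, location, login time, typing habits).
@dataclass
class UserProfile:
    known_devices: set
    usual_countries: set
    usual_hours: range          # hours of the day the user normally signs in
    typing_speed_cpm: float     # learned average, characters per minute

@dataclass
class LoginAttempt:
    device_id: str
    country: str
    when: datetime
    typing_speed_cpm: float

# Weights and threshold are assumptions for this example; a real RBA
# system would tune them from historical login data.
WEIGHTS = {"unknown_device": 40, "unusual_country": 30,
           "unusual_hour": 20, "typing_deviation": 10}
STEP_UP_THRESHOLD = 30   # at or above this, demand extra verification

def assess(profile: UserProfile, attempt: LoginAttempt) -> Tuple[int, List[str]]:
    """Score one login attempt against the profile; return (score, reasons)."""
    reasons = []
    if attempt.device_id not in profile.known_devices:
        reasons.append("unknown_device")
    if attempt.country not in profile.usual_countries:
        reasons.append("unusual_country")
    if attempt.when.hour not in profile.usual_hours:
        reasons.append("unusual_hour")
    rel_dev = abs(attempt.typing_speed_cpm - profile.typing_speed_cpm) / profile.typing_speed_cpm
    if rel_dev > 0.25:
        reasons.append("typing_deviation")
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(profile: UserProfile, attempt: LoginAttempt) -> str:
    """'allow' on the password alone, or 'step_up' to OTP/biometrics/questions."""
    score, _ = assess(profile, attempt)
    return "step_up" if score >= STEP_UP_THRESHOLD else "allow"

# Constructed sample data: one learned profile and three login attempts.
ALICE = UserProfile({"laptop-01", "phone-07"}, {"DE"}, range(7, 20), 240.0)
NORMAL = LoginAttempt("laptop-01", "DE", datetime(2019, 5, 6, 9, 15), 235.0)
LATE = LoginAttempt("phone-07", "DE", datetime(2019, 5, 6, 22, 0), 245.0)
SUSPECT = LoginAttempt("kiosk-99", "BR", datetime(2019, 5, 6, 3, 40), 150.0)
```

A single low-weight deviation (the late login from a known phone) still passes on the password alone, while the unknown kiosk abroad at 03:40 with a very different typing speed accumulates enough risk to trigger step-up verification.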
Weigh the costs and benefits of newer authentication methods before embracing them. Look for tested use cases before purchasing authentication tools based on new methods.
Best practices for selecting authentication methods
Deciding on the authentication methods best suited for your business can be challenging especially when you have to secure resources of different sensitivity levels.
Three steps you can follow to choose authentication tools:
- Identify the resources that require user authentication: List all your current and planned resources that could use authentication. These can be your corporate networks, in-house applications, data centers, business partners’ networks, or other communication channels such as fixed landline phones.
- Determine risk-tolerance levels for each resource: Determine the kind and level of risks associated with all the listed resources. This could include analyzing the source of access requests, such as requester designation, type of device, and geo-location. Also, check if any resource requires adherence to compliance regulations. For example, PSD2 rules require banks to use at least two separate authentication methods to verify customers when using digital banking resources.
- Evaluate and choose an optimal mix of authentication methods: Evaluate different authentication methods for different resources. Highly sensitive assets will need stronger authentication methods. You’ll need to choose an optimal mix of authentication methods, keeping budget and risk tolerance levels in mind.