Authentication 2019

Why IT Matters

COMPROMISED CREDENTIALS

Four out of every five recent breaches resulted from compromised credentials. (Centrify)

INADEQUATE AUTHENTICATION

Better multi-factor authentication could have prevented 80 percent of breaches. (Symantec)

BUSINESSES ATTACKED

Over the course of 2018, two-thirds of all small- and medium-sized businesses experienced cyberattacks. (Ponemon)

GLOBAL CYBERCRIME DAMAGES

By 2021, global damages from cybercrime will reach $6 trillion—twelve times the value of the global trade in illegal drugs. (Cybersecurity Ventures)

trying to fix it

Multi-factor authentication (MFA) is the best defense against ongoing threats.

With MFA you can log in only after providing something that you have or are in addition to something that you know.

Multi-Factor Authentication:
Pick 2+

Something You Know

✓  Passwords
✓  Passphrases
✓  Shared secrets

Something You Have

✓  Hardware token
✓  Mobile phone
✓  Common access card

Something You Are

✓  Fingerprint
✓  Facial structure
✓  Behavior and habits

MFA? Consensus.
Passwords? Not so much.

Standards bodies agree on the need for MFA and strong passwords.
They disagree on how to maximize password strength.

[Chart: stance of NIST 800-63, ISO 27001/27002, PCI DSS, OWASP, GCHQ NCSC, and Plurilock on: Password Character Rules; Password Auto-Expiry; Passphrases; Secret Security Questions; SMS Codes / In-band MFA; True Out-of-band MFA]

why authentication is complicated


The Easy-Hard Problem

Passwords that are hard to crack are also hard to remember and enter.
Passwords that are easy to remember and enter are also easy to crack.


The IN-BAND Problem

SMS and apps, the two leading MFA tools, may deliver credentials to the same device being authenticated.


The COPY-NO-CHANGE Problem

Fingerprints and face scans have proven to be easier to duplicate than initially imagined, yet can't be changed once compromised.

Each conventional factor has strengths and weaknesses

[Chart: Strengths of common MFA factors]

[Chart: Weaknesses of common MFA factors]

The industry's Next Step:
a composite that combines them

Advanced authentication leverages conventional MFA concepts in new ways.

This composite authentication strategy adaptively evaluates any available identity factors all at once.
 
This is what we do at Plurilock.


2019 Authentication Recommendations From Plurilock

Use 2+ Identity Factors

Something a User Knows

A password or passphrase.

Something a User Has

A mobile phone or hardware token.

Something a User Is

User behavior or traditional biometric data.

Make Passwords Better

LONG
Each additional character exponentially increases security.

UNIQUE
Avoid a breach domino effect by using a new password for each account.

MEMORABLE
A list of random words is easier to recall than random characters or numbers.

Choose High-Quality, Out-of-Band Factors

Acceptable

Password entry on laptop + authenticator app on mobile phone

Acceptable

Password entry on mobile phone + fingerprint scan on mobile phone

Not Acceptable

Password entry on mobile phone + SMS code delivered to mobile phone

These guidelines represent the minimum baseline for secure authentication.
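The factor-pairing guidance above can be expressed as a policy check. This is an added example, not Plurilock code: the `Factor` fields, the `evaluate_login` function and the sample cases are constructed for illustration, and it assumes that any delivered code (SMS or app) is in-band when it lands on the device being authenticated.

```python
from dataclasses import dataclass

KNOW, HAVE, ARE = "know", "have", "are"  # the page's three factor categories

@dataclass(frozen=True)
class Factor:
    name: str                # label for reporting (constructed names)
    category: str            # KNOW, HAVE or ARE
    device: str              # device where the factor is entered or received
    delivered: bool = False  # True if a code is sent to / generated on `device`

def evaluate_login(login_device, factors):
    """Return (acceptable, reasons) for one login attempt."""
    reasons = []
    if len({f.category for f in factors}) < 2:
        reasons.append("fewer than two distinct factor categories")
    for f in factors:
        # Assumption: any delivered code that lands on the device being
        # authenticated is in-band, whether it arrives by SMS or an app.
        if f.delivered and f.device == login_device:
            reasons.append(f"{f.name} is in-band on {login_device}")
    return (not reasons, reasons)

# Constructed cases mirroring the page's three pairings, plus a same-category one.
CASES = {
    "laptop password + phone authenticator": ("laptop", [
        Factor("password", KNOW, "laptop"),
        Factor("authenticator_app", HAVE, "phone", delivered=True)]),
    "phone password + phone fingerprint": ("phone", [
        Factor("password", KNOW, "phone"),
        Factor("fingerprint", ARE, "phone")]),
    "phone password + SMS to same phone": ("phone", [
        Factor("password", KNOW, "phone"),
        Factor("sms_code", HAVE, "phone", delivered=True)]),
    "password + passphrase": ("laptop", [
        Factor("password", KNOW, "laptop"),
        Factor("passphrase", KNOW, "laptop")]),
}

if __name__ == "__main__":
    for label, (device, factors) in CASES.items():
        ok, reasons = evaluate_login(device, factors)
        print(f"{label}: {'acceptable' if ok else 'not acceptable'} {reasons}")
```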


PLURILOCK IS THE LEADER IN ADVANCED AUTHENTICATION

Plurilock is the leader in advanced, risk-based authentication. We provide invisible, device-free MFA for corporate endpoints, Citrix sessions, cloud applications, and their users in finance, healthcare, education, and SaaS.


© 2018 Plurilock. All Rights Reserved. | Plurilock Cage Code L02Z7; DUNS 248484623