GlobalSign Blog

"Your password has been hacked!" Why Multi-Factor Authentication offers better security

The problem with weak authentication security

“Single factor authentication tends to be the norm, but relying on only one factor provides a single point of failure for your network and systems that can at times be easily defeated by phishing and other attacks.”

John Harris for GlobalSign

Authentication is imperative with today’s growing cyber threats. It is the main method for verifying a user, machine, or device before allowing them access to a corporate network or information system. As more organizations implement remote and hybrid workforces, there is an increasing need for a reliable authentication method to control access. Companies are starting to recognize the importance of authentication that goes beyond passwords alone.

According to Verizon, 81% of data breaches are password-related. Hackers can crack 90% of passwords in less than 6 hours. If there is a technology to crack passwords, why are users so lenient? 66% of Americans use the same password on multiple accounts which means it only takes one compromised account for a hacker to be able to access all their accounts. What’s also alarming is 54% of users still do not change their passwords even after getting hacked.

Without strong authentication, hackers can easily log onto private networks and steal online identities and data.

Importance of Multi-Factor Authentication (MFA)

“MFA can block over 99.9 percent of account compromise attacks” — Microsoft

Why do we need authentication? Before, people thought that stronger security meant more complexity in deployment and making systems less user-friendly made them more secure. In reality, security and user experience must be in favor of each other. The ease of use is the most important thing. It has to be usable and if possible, frictionless.

Today, organizations have the option to deploy MFA without the need for passwords to remain secure. They can be implemented without adding burden on users and systems. In fact, a research found that there are higher satisfaction rates with passwordless MFA logins among users.

With MFA, it takes more than one layer of security to be breached before an account gets compromised. When it does (very unlikely), users are prompted of a suspicious activity which gives them time to react and secure their accounts and devices accordingly. If organizations are not only aware but also implement MFA in their networks, their chances of getting breached are far less versus using single factor authentication.

What is the best authentication method for my organization?

At GlobalSign, we offer certificate-based authentication for your specific business needs. Here’s a quick rundown to help you in choosing the right authentication methods within your corporate networks—with or without passwords:

  • Machine and Server Authentication

    Our certificate-based authentication is ideal for organizations who want to keep trouble out by ensuring only the right machines and servers have access to their corporate networks. It ensures only those with the proper credentials can access and navigate through corporate networks.

    Machine and server authentication features Auto Enrollment Gateway (AEG) to deploy and manage Digital Certificates with ease. Through the Active Directory (AD) integration, it is also easy for organizations to automatically issue template-based certificates across all machines and servers.

  • Mobile Devices Authentication

    Aside from machine and server authentication, certificate-based authentication also enables only selected mobile devices into the corporate networks. It is ideal for companies who want to support Bring Your Own Device (BYOD) and secure corporate devices through authentication. This means that only approved mobile devices can connect to Wi-Fi and VPNs.

    Using Digital Certificates for mobile devices provides the following security:

    • Email Encryption and Signing
    • Email Authentication
    • VPN and Wi-Fi Authentication

    We recommend this type of authentication if your company is always on the go and wants an effective authentication method for your workforce’s mobile devices without running the risk of external or malicious devices leeching into your Wi-Fis or VPNs.

  • USB Tokens and Smart Cards Authentication

    Organizations who want their certificates stored on a physical device to reduce their risk of breach can also benefit from certificate-based authentication. Using tamper-resistant tokens are resistant to any attacks on the operating system (OS), giving companies a leverage against system attacks and hacking.

    Like the Machine and Server Authentication, USB Tokens and Smart Cards Authentication also offers Auto Enrollment Gateway (AEG) integration so enterprises operating in Windows environments can automatically issue certificates to USB tokens and smart cards when users log onto their computers for the first time.

  • Cloud Authentication

    Perfect for organizations that use cloud services, certificate-based authentication lets organizations control access for services like Salesforce, SharePoint, Google Apps, and Amazon Web Services. Digital Certificates provide additional layer of security that beats complicated and hard to remember passwords.

  • Private Networks Authentication

    Certificate-based authentication provides security for organizations that want to add another layer of authentication for their VPNs, Gateways, Wi-Fi Networks, and other corporate networks.

Certificate-based authentication is a solution for organizations looking to secure users, machines, and devices. It caters to specific company needs of all sizes, offers one solution for all endpoints without the need for any additional hardware, and does not add any burden on users. It is the perfect solution that solves single and traditional authentication-related issues.

Share this Post