Access management plus strong authentication – a great recipe against password hijacking?

Restrict access or protect against password hijacking?

I have heard the opinion that an alternative to implementing strong authentication is hardening the internal network by introducing strict access management on access to hosts, ports, type of data transferred, etc. That way, even when the user’s account is taken over, the consequences of hacking will be minimized. Well, I would say those restrictions are not an alternative to strong authentication, but rather these two approaches complement each other perfectly. I would also point out a few facts:

Access management plus strong authentication

1. According to all reports, the most common way to break into computer systems is to hijack the password – by breaking it or stealing it. Here is an example of the attack methods summary:

[Figure: attack methods summary]

It follows that protecting the password protects us against the vast majority of cybersecurity events.  But of course, we must not neglect the rest.

2. Since restrictions only come into play after a hack has happened, whereas authentication is meant to prevent it, I would consider strong authentication (called MFA – multi-factor authentication) as the first line of defense, and restrictions as the second. This means that if I could deal with only one issue at a time (e.g. for budgetary, technical or organizational reasons), I would start with MFA.

3. You also need to look at the ratio of effort to the results obtained. In point no. 1, we showed that we eliminate more than 80% of break-ins by dealing with weak and stolen passwords. The ease of implementing internal network security varies by organization, and a homogeneous environment, or tools that manage an entire heterogeneous one, often allows you to do it quickly.

However, it is necessary to design it first, that is, to find out who uses which resources and how, and then discuss everything with all business departments or even individual users. And there will never be any guarantee that the consensus reached will be valid forever. On the other hand, the implementation of MFA also requires a lot of effort – at least in the traditional approach, where we need to modify each application so that it does not rely only on a password but also requires a second authentication component (called 2FA – two-factor authentication), such as providing a one-time code, using a dongle (a hardware key) or scanning a fingerprint.

And what if we have a lot of these apps? And what if not all of them can be reworked, at least not easily (because they come from third parties or are based on old, no longer used technology)? Fortunately, there is a solution on the market, from Secfense, that allows you to implement strong authentication without any need to modify the applications. It acts as an intermediary between the user and the application. For a user, Secfense introduces 2FA, an additional authentication component, and after using it she or he connects to an existing application. From the app’s point of view, it only allows users who have authenticated themselves in a valid, secure way to access it.
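The intermediary pattern described above can be sketched as follows. This is an added example, not Secfense's code or API: the `Broker` class, `legacy_app` and the use of TOTP (RFC 6238) as the second factor are assumptions chosen for illustration. It shows that a request carrying only a stolen password never reaches the unmodified application.

```python
import hashlib, hmac, secrets, struct

STEP = 30  # TOTP time step in seconds (RFC 6238 default)

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Broker:
    """Hypothetical intermediary in front of an unmodified, password-only app."""

    def __init__(self, upstream, totp_secrets, clock):
        self.upstream = upstream          # callable(user, request) -> (status, body)
        self.totp_secrets = totp_secrets  # user -> enrolled TOTP secret
        self.clock = clock                # callable() -> Unix time, injectable
        self.sessions = {}                # broker session token -> user
        self.used = set()                 # (user, counter) pairs already accepted

    def second_factor(self, user, code):
        """Return a broker session token if `code` is valid and unused, else None."""
        secret = self.totp_secrets.get(user)
        if secret is None:
            return None
        now = self.clock()
        for t in (max(now - STEP, 0), now, now + STEP):  # one step of clock drift
            ok = hmac.compare_digest(totp(secret, t).encode(), code.encode())
            if ok and (user, t // STEP) not in self.used:
                self.used.add((user, t // STEP))  # a code works once: blocks replay
                token = secrets.token_urlsafe(16)
                self.sessions[token] = user
                return token
        return None

    def handle(self, token, request):
        """Forward to the app only for sessions that passed the second factor."""
        user = self.sessions.get(token)
        if user is None:
            return (401, "second factor required")  # app is never contacted
        return self.upstream(user, request)

def legacy_app(user, request):
    """Stand-in for the existing application; it still checks only the password."""
    return (200, f"{request} served to {user}")
```
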

Secfense User Access Security Broker Deployment

Thus, implementing strong authentication using Secfense not only protects us from the greatest source of threats but is also realized quickly and easily.

To summarize, I urge you both to harden the internal network by introducing various types of restrictions and to implement strong authentication. A good way to start is by learning more about multi-factor authentication (MFA) or two-factor authentication (2FA) and exploring the User Access Security Broker solution.

If your organization already has strong authentication mechanisms in place and employees are well educated on cybersecurity best practices and password-related risks, then maybe it’s a good time to dive deeper into zero trust security and take a step into passwordless authentication? Get in touch with us and learn more about our approach to passwordless implementation.

Krzysztof Góźdź drives sales and new business development. Krzysztof has more than 20 years of experience in Information Technology & Services sales and has previously worked for IBM and Hewlett-Packard bringing on board enterprise customers and cooperating with them.
