Identity and access management solution provider Okta recently released a brand new whitepaper: “5 Identity Attacks that Exploit Your Broken Authentication.” Their upfront premise is the traditional single-factor, password-based authentication is a broken authentication scheme. With identity becoming the new perimeter for enterprises, broken authentication is just as dangerous as having a broken firewall.
What does Okta consider the most devastating broken authentication exploits?
- Broad-based Phishing Campaigns
- Spearphishing Campaigns
- Credential Stuffing
- Password Spraying
- Man-in-the-Middle Attacks
Of these broken authentication exploits, phishing attacks and other social engineering attacks are perhaps the most well-known as they have been increasingly prevalent due to their success rate. However, credential stuffing and password spraying are equally viable hacking techniques that take advantage of the weakness of passwords. The former uses the likelihood of duplicated passwords to access different accounts by the same user, while the latter attempts to use weak but common passwords like “password1” to gain access.
Okta recommends that enterprises stop relying on broken authentication schemes like single-factor logins. Instead, the solution is to deploy multifactor authentication (MFA). Phishing attacks generally can’t obtain the secondary or tertiary factors necessary to break into an MFA-protected network. Password spraying and credential stuffing also fail since neither stolen credentials nor weak credentials are enough to gain access to MFA systems.
To diverge from Okta’s whitepaper for a moment, multifactor authentication does not need to be a uniform deployment. It can be varied based on the privileges of the employee in question or on the sensitivity of the data contained in a database. Even though MFA can be a hassle to deploy and work with, you wouldn’t compromise your physical security—why should you compromise your digital security?
You can read the full Okta “5 Identity Attacks that Exploit Your Broken Authentication” whitepaper here.
Latest posts by Ben Canner (see all)
- What is Vendor Privileged Access Management (VPAM) And Why Does It Matter? - February 27, 2020
- How To Identify The Right Identity Management Solution for Your Use-Case - February 25, 2020
- 1Password Study Reveals the Dangers of Shadow IT Account Creation - February 24, 2020