Why You Need to Ditch Legacy Authentication (And Pick Multifactor Instead)

Why You Need to Ditch Legacy Authentication (And Pick Multifactor Instead)

Why does your business need to ditch its legacy authentication and pick multifactor authentication instead? 

For years, enterprises depended on single-factor authentication. You know how it goes: please input your username and password into the proper fields and click “Log In.” This mode of authentication is so basic and prevalent that some IT decision-makers struggle to realize the diversity of options available. Beyond some mobile devices allowing for biometric authentication, most users don’t even know that other options exist. 

However, single-factor, password-only authentication isn’t secure. In fact, your authentication could prove as much of a liability as anything in your IT environment. Here’s why you need to ditch your legacy authentication now

Why You Need to Ditch Legacy Authentication

Passwords Are Weak

Hey, what is your password?

Most likely, you wouldn’t fall for such an obvious ploy (unless disguised in a phishing attack). Yet in a significant proportion of cyber-attacks, hackers don’t need you to answer. They can already guess. 

Users both privileged and regular use incredibly weak passwords to secure even the most sensitive of data. These include passwords that would otherwise seem like jokes: “123456,” “qwerty,” and “password.”

No one can blame your users. Most likely, they need to keep track of dozens if not hundreds of accounts. Taking the easy way out in password creation, especially if they must remember all of them on their own, is understandable. Yet that does mean that with a few guesses, hackers could bypass your single-factor authentication. 

Worse, if users reuse any of their passwords (a cybersecurity sin which proves almost universal) then multiple accounts within your business might become vulnerable simultaneously. Additionally, it means a hack or breach on another business could lead to a breach of your own business in a domino effect. 

Let’s assume that this isn’t the case, though. What if each user creates a strong, individual for each account? Even then, you are not safe. Hackers could just as easily guess the passwords from publicly available social media data. Alternatively, multiple Dark Web vendors offer the unscrupulous password cracker tools which can automatically input passwords until something clicks. 

You need to ditch your legacy authentication because it isn’t even a locked door. It’s a door with a sign that says “No Entry” and no means of enforcement. 

Authentication Doesn’t End at Logins

What happens when a hacker does break through your authentication protocols? How would your enterprise realize there is a problem before it is too late? 

Unfortunately, the answers to these questions often reveal a grim reality. With single-factor authentication, most hackers gain unlimited access to the IT environment once they break-in. Worse, IT security teams don’t realize the network has been compromised until the damage becomes obvious. 

If you can’t see what happens beyond your login page, then you need to ditch your legacy authentication and pick a solution with continuous authentication. Continuous authentication examines users’ behaviors and compares them to baselines. 

For example, behavioral biometrics looks for common patterns in how a user acts in the IT environment, including their typing patterns. If a user fails to meet the baseline, the solution can freeze their account so the IT team can investigate. 

To put this in analogy, a drawbridge is a good way to keep attackers outside. But keeping a close eye on your guests stops spies. 

Multifactor in a Nutshell

We could go into detail about the different options of multifactor authentication, from the simplest two-factor authentication to elaborate five-factor protocols. However, we advise you to consult our Identity Management Buyer’s Guide for the full details, or our Privileged Access Management Buyer’s Guide

We do wish to leave you with this bit of parting wisdom: the more factors between the access request and the access granted, the better. 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner