Passwordless Authentication 101: What it is, How you can adopt it, and Why it’s the future

To stick with passwords or to go passwordless is a million-dollar cyber security question. Resetting, remembering, and changing passwords regularly is not only frustrating but puts critical information at risk. But at the same time, have we reached a point where we can realistically remove passwords entirely from our authentication processes?

The drawbacks of passwords

Strong passwords are difficult to remember, and weak passwords are too easy to hack. Additionally, overuse of the same passwords across multiple platforms can result in breaches during credential stuffing attacks.

According to a report from LastPass, weekly time spent managing users’ passwords and login information has increased 25% since 2019. The report also says that 85% of employees agree that their organization should reduce the number of passwords required to be used daily. And according to Verizon data, 81% of data breaches involve weak, default, or stolen passwords.

What is Passwordless Authentication?

Passwordless authentication is user-friendly and secure and brings to the table reduced IT costs by eliminating password-related risks, increased productivity as employees save time remembering or updating passwords, and stronger security. In short, passwordless authentication is both convenient and secure.

Passwordless authentication relies on the same principles as digital certificates, on public and private keys. Think of the public key as the padlock and the private key as the key that unlocks it. With digital certificates, there is only one key for the padlock and only one padlock for the key. For passwordless authentication, a cryptographic key pairs with a private and a public key. A user wishing to create a secure account uses a mobile app to generate a public-private key pair, where the public key is provided to the system, and the private key is accessed from the user’s local device using an authentication factor such as an OTP. 

Here are some ways you can go passwordless

  • Single Sign-on or SSO
    It simplifies managing access and provides employees an easy and secure way to log in. Also, it allows IT to provision or deprovision access as needed. However, while SSO reduces the number of passwords required, it often demands a single password to access all applications. 
  • Biometrics
    Fingerprints, face, iris, voice, and other biometric parameters are used as they are considered more challenging to hack than alphanumeric codes. They are also convenient to use, as they cannot be misplaced, stolen or forgotten. 
  • Hard tokens
    They allow access to software after verification with a physical device. 
  • OTPs
    Users are asked to input the code sent to them via email or SMS. OTPs provide an additional layer to security and are more secure than static passwords. OTPs are often used as a second layer of authentication, but can even replace static passwords. 
  • Private keys
    An alphanumeric string is processed through an algorithm, to encrypt or decrypt data. 
  • Magic Links
    Users enter their email address in a form, and then an email is sent with a login link. 
  • Push Notifications
    Users receive a push notification on their mobile devices through a dedicated authenticator app for identity verification.

Passwordless authentication methods are compatible across most devices and systems. Plus, they’re virtually impervious to phishing and other common cyberattacks.

So, is passwordless authentication the future?

Passwordless methods offer both a more secure and a more convenient way to authenticate users. So the simple answer is, yes, they are the future.

However, considering how ubiquitous passwords are today, they certainly aren’t going to disappear overnight. So until passwordless methods gain in popularity, it’s important to continue to do all you can to ensure strong passwords to secure your applications and data.

Whether you are ready to take the leap to passwordless, or are looking for a way to make your password based authentication more secure, Akku can help you enhance security and productivity across your environment. Talk to us today to see how we can help.

 

Navigating the World of Data Security in the Cloud: Steps to Ensure Compliance

Compliance ensures that an enterprise maintains a minimum standard of security-related requirements in accordance with industry and regulatory standards. Its scope, however, goes beyond having regulations in place, to successfully implementing policies and contracts.

As security breaches, fraud, and theft of data are becoming increasingly widespread in the IT world, industry guidelines for compliance have become more complex, and enterprise policies more elaborate. Adding to the difficulty of achieving security compliance is the limited functionality of network security tools in dealing with the dynamic nature of the cloud. Continue reading Navigating the World of Data Security in the Cloud: Steps to Ensure Compliance

Begin Here to Build a Trusted Business

According to the PwC 21st Annual Global Survey, reliability, congruence, consistency, and transparency are the four pillars for building trust among customers and other stakeholders. The same survey also found that 65% of CEOs are concerned about declining trust in business. If you have the same concern, here are some useful suggestions!

Continue reading Begin Here to Build a Trusted Business

Hashing And Salting – The What And How

“irgvctxmsr” – sounds like gibberish, doesn’t it? But if you were to decrypt this string using a mono-alphabet shift cipher where each letter has been shifted to the right by 4 numbers, you would see that it spells “encryption”!

Protecting critical data and information by encrypting them was first performed by Julius Caesar in 120 BC. The art of encryption has been through several modern shifts, and currently most of the data on the internet is protected using sophisticated encryption algorithms like AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adlemen), ECC (Elliptic Curve Cryptography) and PGP (Pretty Good Privacy).

Deciphering an encrypted message requires a key. Nowadays, messages are encrypted using public keys and decrypted using private keys. The private keys are shared privately between two trusted parties. Losing a private key can be disastrous, as encrypted messages can then be read by anybody with access to the private key.

Password Hashing

While encryption is a two-way function and is primarily done with the intention of being decrypted, password hashing is a one-way function. Hashing allows us to use a mapping function to map data of any size to a fixed length. The resultant output is called the hash value. Technically, hashing is reversible – however, the computing power required to get the original message makes it impossible for the original message to be decoded. Simply put, encryption protects the data in transit while hashing is used to authenticate the data and lets you know if it has been tampered with.

Here is how it works – consider that you have a digital document that you have digitally signed and uploaded to your website for another person to download. Now, you will run a hash function on the document and another one on your digital signature and encrypt the resulting hash values. Once a designated person downloads the document, the browser decrypts the hash values using a key and runs the same hash function on the document. If the resulting hash values are the same for the sender and receiver, it means the document and signature have not been tampered with.

Modern hashing algorithms include SHA (Security Hashing Algorithm), RIPEMD, WHIRLPOOL, and TIGER.

Salted Passwords

Salting is the process of adding an additional layer of security to the hashing process by adding a unique value to the end of the password and hashing the new password. By adding even one letter to your password and hashing it, you can change its hash value and make it harder for interceptors to find your password. For example, if your password is “V67gHD92”, you can add a unique character or string to the end of it and make it something like “V67gHD92SPICE”. Here, the word “SPICE” is called the salt.

Salting a password protects any data from brute force attacks in which bots attempt every possible combination of letters and numbers until the password is cracked. However, if the attacker knows your salt, the entire process of salting becomes worthless.

In this day and age where network and information protection requires meticulous planning and dedicated resources, we at CloudNow Technologies want to make things easy for you. Our network security solution Akku is designed to protect your network against sophisticated and high-level attacks. To know more about how we can help you protect your network, get in touch with us now.

Government Entities and their Move to the Cloud

Governments across the globe rely increasingly on technology today to serve their citizens better. But with the rapid evolution of technology, it is often a struggle for the different departments of government to keep up. This happens due to insufficient funds, security concerns or simply a lack of motivation to meticulously plan and implement the move.

Of these, security is the most critical consideration, since government agencies and departments are possibly the first line of defense against any cyber attack. This is especially true when it comes to government entities wanting to migrate their operations to the cloud.

Cloud Security Concerns

The United States of America has been one of the first few countries to understand the advantages and scalability that cloud computing offers and has already migrated over half of its government operations to the cloud. But what is holding back ALL governments from fully embracing the cloud? And what can be done about it?

When a cloud network is accessed remotely, the security measures kept in place at the end user’s system determines the security strength of the entire cloud network. This means that governments have to not only have iron-clad security for their data stored in the cloud but also ensure that individual devices which access the network have equally strong security protocols in place.

Solution 1: Identity and Access Management

One way to go about resolving the issue would be to decrease the complexity involved with cloud access and operations. Usually, when there are several applications hosted on the cloud, its users are required to remember several sets of credentials to access them. This leads to setting of simple passwords, which in turn leads to an easy to hack security. An Identity and Access Management or IAM solution can be deployed across the cloud network so that the users need to remember only a single set of credentials for all the applications they are authorized to use.

Another advantage of protecting your network with an IAM solution is that in case the device gets stolen or lost, it is easy to remotely delete an account, making it almost impossible for an outsider to enter your network.

Solution 2: Device and IP based Restriction

A security solution which comes with provisions for device and IP based restriction allows only access to a cloud network only from whitelisted devices and IP addresses. Any attempt to access the network from an IP address or a device that has not been explicitly whitelisted is simply rejected, and the admin of the network is notified. This serves to identify potential breach attempts, based on which improvements to cloud security measures may also be taken up.

Solution 3: Password Policy Enforcement

A cloud network’s security is only as strong as its weakest password. If a cloud network does not have a Single Sign-on solution in place, it means that every user has to remember as many passwords as the number of applications he/she is allowed to access in the cloud network. This means that for the ease of remembering the passwords, users tend to set weak and easy to hack passwords. Implementing a strong password policy will ensure that all the passwords used to access a cloud network comply with a specified minimum standard.

Cloud security solutions come in several architectures and platforms. But when it comes to critical data of a nation’s citizens, and the systems used to access that data, only the best solution is safe enough.

Akku from CloudNow is one such identity and access management solution which secures your cloud network from vulnerabilities and delivers on all the solutions described above. Get in touch with us to know more.  

Working Online? Watch out for Identity Theft!

Identity theft is as real as your identity and as dangerous as the one who steals it. It occurs when an unauthorized person or entity uses your personal information to assume your identity and commit fraud and other criminal activities including stealing from you, or from others in your name.

What does an identity thief steal?

Your name, address, credit card or bank account information, and even information that might otherwise seem harmless, such as photographs, information about your family members or your date of birth could be used in harmful ways in the wrong hands.

How does identity theft happen?

Identity thieves are well-organized, tech-savvy, creative and have seemingly innocent online personalities. They can steal information, simply by requesting it from an unassuming person or by using technological attacks to capture millions of records from enterprises. Sometimes, a stolen wallet or a carelessly-thrown receipt or letter can also lead to identity theft.

Here are some of the ways in which an identity theft may take place in your organization:

Data Breaches

A data breach, accidental or malicious, can have a heavy cost on both the organization involved and the individuals whose data is compromised.

Improper security on company-owned devices or devices that have access to your organization’s data is one of the leading causes of data breaches that lead to identity theft.

Phishing

Phishing involves sending deceptive emails with links to malicious websites that may either request or steal your information. If one of your employees is manipulated by such an email and clicks on a link it provides, it can be dangerous to the organization itself.

Even if your organization’s email can manage to keep out such mails from employee inboxes, if your employee has access to their personal email at the workplace, they are at the risk of being compromised.

Public Wi-Fi Connections

One of the problems with allowing your employees to work remotely is the possibility that they may be working from places that offer open or free public wireless internet connectivity. A criminal who also has access to the same network could also be able to observe all of your employee’s activities.

Mishandled Passwords

Carelessness with passwords, whether in terms of the creation of weak passwords or the way they are stored, can make your employees and your organization susceptible to identity theft.

Read our blog on Everything You Need to Know about Secure Passwords to know more about keeping passwords safe.

How can you prevent identity theft?

When it comes to preventing identity theft, the first step to take is to sensitize your employees on the different ways in which it can happen. Studies have proven that employees are the preferred channels that identity thieves use when they target organizations.

From your end, you also need to:

  • Set a strong password policy across your enterprise applications, to ensure that your organization is not compromised through your employees’ use of weak passwords
  • Use two-factor authentication or multi-factor authentication to enhance the security of applications carrying sensitive data
  • Ensure that your DNS filter works effectively to block out malicious websites that your employees may try to access
  • Block access to employees’ personal emails at work, so that there a lesser chance of data compromise and data breaches through phishing
  • Set up IP-based or device-based restrictions so that unauthorized persons are kept out of your applications when they try to access them from unsafe locations or unrecognized devices

An identity and access management solution (IAM) like Akku can help you take control of all the preventive methods listed above, all in one go.

Get in touch with us through sales@akku.work if you wish to know more about how Akku can help protect your organization from identity theft through identity/access management.

Cloud Security Solutions – Why do you need them?

Migration to the cloud is no longer an emerging trend. It is now a well-established method of running the operations of a business. With the cloud, you can manage data and applications in a secure environment and ensure that your users face virtually no latency while using your applications. But although the cloud comes with a basic framework for security, it still has its inherent security risks which need highly specific cloud security solutions to reliably protect your data.

To understand the need for implementing an effective cloud security solution, a deeper understanding of what causes and constitutes a cloud security threat is important.

Why Do You Need Cloud Security Solutions?

Unsecured Access Points

With several of your applications operating from the cloud, it is crucial to manage their access. Traditional methods of granting access to applications on the cloud require users to remember several sets of credentials. But with such a method, forgotten passwords would be common, draining the productivity of both your IT team and your users. To overcome this, users tend to set weak passwords which are easy to remember. But weak passwords are also easy to hack! The solution to this problem is to use an Identity and Access Management solution like CloudNow Technologies’ Akku.

Unprotected APIs

Application Programming Interfaces (APIs) are software interfaces which allow two different components of software to talk to each other. APIs are responsible for getting the requests from client systems and passing it onto the server and then retrieving the response and sending it back to the client. Considering that such an integral component is a part of your network architecture, a web application security solution is kept in place to eliminate the threat of unchecked network access from unauthorized users.

Types of Cloud Security Issues

DoS attack

DoS or Denial of Service is a distributed and malicious attack, designed to corrupt your servers and deny access to legitimate users. Such attacks require a complete hack of your network and injections of the attack code. A DoS attack is another common threat faced by organizations operating on the cloud. To eliminate this type of attack, it is important to maintain an intelligent firewall which can effectively stop the attack.

Data Breach

Cyber wars now directly translate to breaches and corruption of data. Since most organizations have to rely on third-party cloud vendors for storage, they increasingly feel like they are not in control of what happens to their data and applications. Data breach is one of the most common types of security threats, whether it happens on the cloud or any other type of storage. For this reason, companies have to go a step further and deploy high-end security solutions to prevent data breaches. While the move to the cloud can improve the efficiency of your operations to a great extent, it also requires you to choose a vendor you can trust to protect your network against the threats mentioned above. CloudNow’s cloud security solutions provide you with the security edge you require to peacefully conduct operations on the cloud without worrying about the threats trying to breach your network.

Akku – Secure your Enterprise Communication

Akku is a great way to control and authenticate communication channels for any enterprise.

One of the biggest threats to any organization is the possibility of a data breach, which can result in loss of data, loss of trust, and ultimately, loss of growth of the business. This makes data security a critical aspect to consider in any enterprise.

An important consideration, especially for SME businesses, is to secure their data – most companies still look for a way to do it in the traditional approach to data security – with an on-premise local environment.

Running the organization with an on-premise environment requires a dedicated workforce, this can be replaced with a secure cloud-based environment. But how does this fit in with Akku? Akku is a pure cloud Identity and Access Management solution that can be integrated with cloud, hybrid or on-prem applications.

So how can Akku help your organization?

Akku’s first great feature would be its Single Sign-on (SSO), where any enterprise’s user accounts and applications can be integrated into a single platform – making access easy for users and control easy for admins.

Unauthorized access is restricted by Akku, which is built on a certificate-based authentication architecture.

It is also possible to filter the content accessed by an organization’s users – DNS filtering to control websites that can be accessed, YouTube filtering to ensure only relevant video content is viewed, and even personal email blocking to improve productivity and security.

Akku also maintains highly granular logs, allowing for detailed reporting on user behavior – time, location, OS and so on for users logging in.

These are just a few of the functionalities that Akku brings to the table to add value to your organization’s data security.

So fight back against data breaches, and tell the world “My Data and Communication are secure!”