Tag: secure login

Passwordless Authentication: Why you need it, how it works, and how Akku takes it further

How do you strengthen your identity verification processes? Most organizations go the route of stronger password policies and tight password management. However, did you know that passwords are inherently among the most vulnerable components of your organization’s cybersecurity environment?

The risks of password-based login

When you use passwords as the primary key to your secure assets and data, you open up your systems to certain risks: weak password policies, improperly shared access, database hacks, credential stuffing and social engineering.

Weak passwords due to improper policies

Poor policies could permit the use of very weak passwords. On the other hand, very stringent rules result in employees hunting for workarounds. If you’re using password-based authentication, prioritize a password policy management module in your IAM.

Database breaches

Since user credentials are stored in a single centralized database, the database is naturally under some risk of hacking. Passwordless authentication does away with this risk, since there’s no centralized database of passwords to be breached.

Credential stuffing attacks

It’s common for employees to use the same password on multiple websites, from the local movie theater’s online booking system to your business applications. If the movie theater happens to get hacked, your business-critical assets are suddenly vulnerable.

Social engineering attacks

When creating a password, users gravitate towards names and dates of personal importance. These details aren’t public, but they can be discovered! Malicious actors can learn such data from in-person social interactions or from social media, and crack the user’s login.

Enter passwordless authentication

How do you avoid passwords in your identity verification process? Passwordless authentication is a zero-trust login method that works well with modern applications and systems. It entirely does away with credentials based on the username-password dynamic. Instead, passwordless authentication is typically device-centric, where a previously approved action needs to be taken on a verified device (smartphone, personal computer or hard token) to authenticate a user.

The credentials are non-shareable and are not stored centrally. No passwords are shared with users, and they cannot be inappropriately shared or compromised, meaning unauthorized individuals cannot access your business-critical assets even if they were to obtain a user’s credentials. Credential stuffing, social engineering and hacking attacks are not just unlikely; they’re impossible. As a system administrator, you don’t need to worry about the strength of your users’ passwords or the frequency with which they’re updating them. 

The benefits of passwordless authentication

  1. As discussed above, it strengthens the security of identity credentials
  2. It improves user experience for administrators, business management and users too
  3. It simplifies the login experience for the user
  4. It reduces long-term IT costs, as fewer support tickets are raised

How does passwordless authentication work?

You could use a number of techniques to enable passwordless authentication. These include hard tokens, OTPs, private keys, magic links, push notifications and QR codes.

Passwordless authentication is based entirely on a device or object that the user already possesses. 

  1. QR codes can be scanned by a specific application downloaded on the user’s mobile phone.
  2. Hard tokens are physical devices that provide users with direct access to specific software.
  3. OTPs, push notifications and magic links could be connected to mobile devices, a phone number or an email address.
  4. Private keys are stored on the user’s approved devices; these alphanumeric strings are used in association with a public key to verify the user’s identity.

Akku and blockchain-based identity management

Akku’s upcoming blockchain-based identity management method has added a new layer of security to the customizable IAM solution. Using a private distributed ledger, the Akku blockchain-based IAM is virtually unhackable and extremely secure. At the same time, this revolutionary technology is user-friendly and accessible.

Using the new system, your administrator would provision new users exactly as they did earlier on the original Akku system. Each user would be provided with credentials consisting of a public key stored on the blockchain servers, and a private key pushed to the user. Blockchain credentials are created based on the decentralized identifier that your organization chooses. This could be an email ID, employee ID, or any other unique identifier.

Once their access has been provisioned, employees download the Akku app and enter their decentralized credentials. On the Akku login page, they will see a QR code which needs to be scanned through the Akku application. They will then receive a private key, and their access is activated.

This QR code based passwordless authentication method is enabled by the use of blockchain credentials with each user’s public key being stored on the blockchain, and their private key being stored in a blockchain wallet on their approved device – in this case the wallet being the Akku app.
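
The private-key method in the list above and the QR login described here both rest on a challenge-response signature. In this added example (not Akku's code or protocol), the server issues a random single-use challenge of the kind a login QR code could carry, the device signs it, and the server checks the signature against the registered public key; the in-memory maps stand in for the ledger, and all function names and the 60-second lifetime are assumptions.

```javascript
// Added illustration: generic challenge-response login, not Akku's protocol.
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;   // assumed lifetime of a displayed QR code
const publicKeys = new Map();      // stand-in for the public-key registry (the ledger)
const pending = new Map();         // challenge -> expiry time in ms

// Provisioning: the public key is registered, the private key stays on the device.
function provision(userId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  publicKeys.set(userId, publicKey);
  return privateKey;
}

// Server: create the random, single-use value the login QR code would carry.
function issueChallenge(now = Date.now()) {
  const challenge = crypto.randomBytes(32).toString('hex');
  pending.set(challenge, now + CHALLENGE_TTL_MS);
  return challenge;
}

// Device: sign the scanned challenge; the private key itself is never sent.
function signChallenge(privateKey, challenge) {
  return crypto.sign(null, Buffer.from(challenge), privateKey);
}

// Server: accept only a fresh, unused challenge signed by the registered key.
function verifyLogin(userId, challenge, signature, now = Date.now()) {
  const expires = pending.get(challenge);
  pending.delete(challenge);       // single use, even when verification fails
  if (expires === undefined) return 'unknown-or-replayed-challenge';
  if (now > expires) return 'expired-challenge';
  const key = publicKeys.get(userId);
  if (!key || !crypto.verify(null, Buffer.from(challenge), key, signature)) {
    return 'bad-signature';
  }
  return 'ok';
}
```

Nothing reusable crosses the wire: a captured signature is only valid for a challenge the server has already consumed.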

The use of the QR code based passwordless authentication method eliminates some of the risks associated with other forms of passwordless authentication. These include SIM swapping or cloning in the case of OTP-based methods, and biometric hacks in the case of fingerprint or retina scan methods.

Do reach out to our team to learn more about the blockchain and its use in identity and access management. Get in touch with us today.

Posted on July 3, 2023 / April 28, 2025 | Author: Bhaskar RV | Categories: Authentication & MFA, Uncategorized | Tags: Akku, authentication, IAM, passwordless, secure login

Single Sign-On and why your organization needs it!

Single Sign-On (SSO) is a session and user authentication service where one set of credentials – typically a username and password – can be used by an organization’s users to access multiple apps. 

SSO delivers tighter control for admins, helping to keep an organization’s data more secure by providing access only to users who really need it. At the same time, it makes operations more secure at the user level too – when users don’t need to remember a large number of credentials, they would be more willing to use stronger passwords.

Besides its inherent security, SSO also simplifies provisioning and de-provisioning, which in effect also increases security by preventing unauthorized access to apps and data.

How secure is your SSO?

Some misconceptions also exist regarding SSO – key among them is that SSO leads to an increased security risk, almost like putting all your eggs in one basket. After all, with one system controlling access across all of an organization’s applications, what if that single system is compromised?

It is therefore important to understand that SSO functions through a system of secure tokens which do not carry any sensitive data, making it a very safe proposition. We’ll explore exactly how this works, and how these tokens ensure security, later in this article.

What are SSO tokens and how do they work?

SSO tokens are small sets of digitally signed, structured information that establish mutual trust between parties.

It’s like an exclusive club with select invitees, where guards at the entrance check, approve, and stamp each guest’s hand. Event staff will know the exact shape and color of the stamp used and therefore authenticate the entry. Similarly, in the digital world, the service and identity providers communicate via tokens.

Tokens don’t include sensitive data like a user’s password or biometric information, ensuring that any interception or attack on the tokens does not reveal that information. The same token can be used to add on new services to the same SSO platform as well. It facilitates identity verification separately from other cloud services, making SSO possible.
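
What a signed token looks like and what the receiving service has to check, as an added example (not Akku's token format or code): the identity provider signs a small set of claims with Ed25519, and the service provider verifies the signature before trusting any claim. The claim names, the audience and expiry checks, and the `tamperSubject` demo helper are assumptions of this example.

```javascript
// Added illustration: a minimal signed SSO token, not Akku's token format.
const crypto = require('node:crypto');

// Identity provider (IdP) key pair; service providers hold only the public half.
const idp = crypto.generateKeyPairSync('ed25519');

const b64 = (data) => Buffer.from(data).toString('base64url');
const decode = (payload) => JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));

// IdP: sign claims about the session. No password or biometric data goes in.
function issueToken(subject, audience, ttlSeconds, nowSeconds) {
  const claims = { sub: subject, aud: audience, iat: nowSeconds, exp: nowSeconds + ttlSeconds };
  const payload = b64(JSON.stringify(claims));
  const signature = b64(crypto.sign(null, Buffer.from(payload), idp.privateKey));
  return `${payload}.${signature}`;
}

// Service provider: check the signature first, then audience and expiry.
function verifyToken(token, expectedAudience, nowSeconds, idpPublicKey = idp.publicKey) {
  const parts = token.split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payload, signature] = parts;
  const valid = crypto.verify(null, Buffer.from(payload), idpPublicKey,
    Buffer.from(signature, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  const claims = decode(payload);
  if (claims.aud !== expectedAudience) return { ok: false, reason: 'wrong-audience' };
  if (nowSeconds >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed demo helper: change the subject without re-signing the token.
function tamperSubject(token, newSubject) {
  const [payload, signature] = token.split('.');
  const claims = { ...decode(payload), sub: newSubject };
  return `${b64(JSON.stringify(claims))}.${signature}`;
}
```

An intercepted token exposes only the claims, and any edit to them invalidates the signature; a short expiry limits how long a stolen token stays useful.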

Data Security through SSO

SSO improves enterprise security as it reduces the number of attack surfaces because users only log in once each day and only use one set of credentials. 

It also significantly reduces the possibilities of password-related hacks. With SSO, users only need to remember one password for all their applications. So, they are more likely to create complex and hard-to-guess passwords. They are also less likely to reuse passwords or write them down.

Another reason SSO is popular among enterprises is that it allows scaling up. Both access to new apps and addition of new people can be managed without sacrificing security, because identity and access management are already addressed. And rapid provisioning and deprovisioning without needing to worry about human error means more reliable and secure access management.

For added security, SSO can also be paired with Multi-Factor Authentication (MFA), where additional factors of authentication are required beyond just the user’s password, to reconfirm the identity of the user.

Akku incorporates robust and secure token-based SSO functionality, helping to deliver greater security and efficiency. Contact us today for more information.



Posted on September 7, 2021 / April 29, 2025 | Author: Dinesh Harikrishnan | Categories: Single Sign-on | Tags: IAM benefits, Multi-Factor Authentication (MFA), secure login, single sign on, Single Sign-on (SSO), sso, user convenience