Ciptor Security Insights
With the right technology in place, you will be able to eliminate passwords and enhance employee productivity. Authentication is the cornerstone of secure digital transformation for platform businesses. Today AI is used both to secure and to bypass authentication systems. Trustworthy authentication is the key to becoming a future-ready company and will be one of the most important brand differentiators.
Passwords and Shared Secrets are the #1 Cause of Breaches.
Despite millions of dollars invested in authentication, users still log in with passwords each day. The reliance on and use of passwords disrupt the employee experience. CEOs should not accept passwords in the new reality, where they are the highest risk to your business today.
$1.7B in Account Takeover (ATO) fraud: costs have doubled since 2015. Despite millions of dollars invested in multi-factor authentication, most companies still rely on passwords – the hacker’s favorite target.
Does your organization have a plan for how to become Passwordless?
Zero Time to Lose
Companies that aren’t seeking new approaches and innovation, and that are not adept at capturing new ideas and putting them into practice, are going to get left behind, because competitors and hackers are waiting to take over your customers and your employees’ workstations.
How is your CEO planning to eliminate passwords for your organization?
How You Choose to Authenticate Matters
Today, ATO attacks are so common that over 90% of all login attempts are malicious and 56% of consumer banking is malicious login attempts. Passwords are not security – they are a vulnerability. To become a leading company in the future, your business needs to move beyond password-based authentication. Passwords are not recommended by Gartner, McKinsey, Deloitte, Forrester or any other leading consultancy firm. Passwords and traditional MFA will not enhance the user experience, decrease costs associated with passwords, support digital transformation or eliminate hacking attacks.
How will your business authenticate Consumers and Employees in the future?
The Best Way to Address Your Cybersecurity Issues is with Passwordless Authentication
Make sure to invest in a platform that provides your organization with a passwordless authentication mechanism and leverages your existing infrastructure with regard to Active Directory and your Identity Provider.
Make sure your choice of Passwordless Authentication Platform is designed to eliminate passwords and shared secrets across the enterprise.
Make sure to have a holistic approach to eliminate the use of passwords and shared secrets across the entire workforce. This will stop the rising costs and help desk volume caused by the complexity around passwords.
The most important leadership factor for modern CISOs, CIOs, and Security, IAM and IT leaders is to deploy only FIDO-Certified authentication and ensure that user credentials are securely decentralized on your employees’ or customers’ mobile devices or security keys. This will result in a level of efficiency, cost savings, and ease of use that was previously unachievable.
Passwordless authentication is indeed the next step. Find out why leading enterprises deploy passwordless authentication and how we can help your business become passwordless.
How do we keep everybody working flexibly and get employees back together in a safe way?
As we plan our longer-term flexible working strategies, we expect that safe remote working will be the key to business success. As technology investments continue to drive this, we spoke with Kevin Turner, VP Sales Engineering at HYPR, and asked him how Passwordless Authentication can help.
How do we give easy and secure access to devices and services to people who are going back to work? This is something we think about all the time: how can we make it easier and at the same time more secure for both consumers and employees?
Passwordless Authentication with Zero Trust!
Zero Trust Authentication means that by default no user, device or application shall be trusted; instead, the trust base of access control shall be reconstructed based on adaptive authentication, authorization and encryption technology. This is a brand new security concept, and at HYPR we are dedicated to making it easy for organisations to implement Passwordless Authentication with Zero Trust, and to monitor, manage, provision and deploy passwordless policies across millions of users, all from our fine-grained FIDO access control center.
Home but never alone
What about people working from home? There will still be a large number of people working from home. How do you fill the gap between people working from home vs in the office?
It's important to ensure there is always an inclusive, "working together" mentality.
We are always thinking about ways to make it easy for remote workers to access their workspace and to feel included, with the highest level of authentication standard on the market, FIDO2.
Tech is forcing us to Zero Trust
In general, the Zero Trust trend is here to stay and we see a rising need for physical authentication in combination with the mobile phone. We are therefore very happy to announce that we now support the security keys from Feitian. You can use different form factors from Feitian, including their latest iePass FIDO2 security keys.
Kevin Turner's Top 3 Recommendations:
Expecting your Identity Provider to get you there
Legacy Identity Platforms were built on top of passwords and password-based MFA. While the IAM giants did an incredible job and revolutionized digital security, the elimination of passwords and shared secrets is not their core competency. In fact, authentication itself has always been an add-on feature for the IdP. There has been no need to invest significant resources in improving authentication. As a result, very little innovation has happened on that front.
Letting perfect be the enemy of Great
“We need everyone to be able to use the same authentication method everywhere, under all conditions, on day 1.”
This one-size-fits-all mindset often appears in large, complex organizations who are (rightfully) trying to eliminate passwords for all users. It is commendable to see project leaders striving to satisfy all use cases & edge cases on day 1.
IT and Security Teams Who Are Not on the Same Page
The alignment of teams is critical to the success of a transformational project. Many IT initiatives have slowed to a halt when departments are unable to see eye to eye or have conflicting agendas. Any meaningful workforce transformation depends on your IT and help desk becoming supportive champions of the project.
Cybercriminals are currently eager to gain access to the Zhenhua files and/or ways to exploit vulnerabilities by stealing data themselves.
While we all know what can happen if this ends up in the wrong hands, we know little about the markets they get this from. Where and how often is this data shared, at what price, and what is the level of expertise of the buyers and sellers? To improve insights on this topic, our DarkCloud partner Web-IQ launches the clearnet hacking forum dataset on November 1st. As a starting point, the dataset contains discussions and advertisements from ten of the biggest clearnet forums around.
NB: Web-IQ is not paying to acquire specific data. We primarily index generic available data and links to specific databases.
Combined with Web-IQ darknet datasets, a more holistic view can be achieved in the fight against cybercrime. Today, cybercriminals are looking for the Zhenhua files and/or ransomware. Start using DarkCloud to find out what they are looking for before reading it in the news!
Mastercard engaged with Ciptor's partner HYPR on its ambitious project to reimagine customer multi-factor authentication with security and usability at the forefront. The global payment giant is leading the way in mobile payment innovation, with an aggressive push for moving beyond the constraints of a plastic credit card. The mobile world presents vast opportunities but also creates new avenues for fraud. As such, the company’s product leadership was focused on achieving best-in-class security and fraud protection that would satisfy the needs of their mobile users and massive ecosystem of banking partners.
A Challenging Use Case
The company’s project came with a mandate for enabling hardware-backed security for high-risk mobile transactions. The requirements stated that payment credentials such as biometrics and PINs be stored at the edge rather than in a centralized repository. In order to securely decentralize, isolate, and encrypt credentials on personal devices, Mastercard wanted to leverage a standards-based approach to card-less payments. They would power mobile payments with FIDO Authentication.
Mastercard wanted to achieve maximum levels of interoperability. A key consideration was providing a solution that would not only be deployed across Mastercard products but would be easily consumed by banking partners and their applications. The solution would need to be robust enough to support both B2C and B2B2C use cases.
"HYPR's technology is a smart way to keep critical data where it belongs - close to the consumer."
Finally, it was imperative that customer experience remain flawless, even with the additional security measures. The company’s global footprint came with a very fragmented and diverse device ecosystem. Achieving consistent user experience and device coverage required HYPR and Mastercard to work closely together on a solution that operates independently of device constraints.
Password-less = Card-less
As it turns out, the vision for card-less payments would have a lot in common with passwordless technology. Credit card numbers are like passwords – they can be stolen, shared, lost, or forgotten. It was clear that card-less authentication could benefit from the advances in the authentication space.
As part of the Mastercard deployment, HYPR provided the True Passwordless SDK to be integrated into customer applications. The HYPR platform enabled a FIDO-Certified architecture, and a fully customizable user interface provided the flexibility necessary for Mastercard’s customer ecosystem. Mastercard’s internal product teams and external banking partners could customize the look and feel of their authentication experience while maintaining best-in-class security.
Leading the Mobile Payments Revolution
HYPR’s Mastercard deployment ensures that all user credentials, biometric information and cryptographic keys are protected by hardware-backed security and always remain safe on mobile devices. This approach renders credential reuse infeasible and dramatically reduces the risk of mobile payment fraud. Mobile users enjoy a fast payment experience while Mastercard and its partner ecosystem benefit from a much more difficult fraud landscape.
The HYPR <> Mastercard integration enables frictionless mobile payments and transaction speeds never before possible with such high security. Deployed together, this solution presented the most advanced mobile payment security innovation since Apple Pay was unveiled.
Newest Microsoft Hybrid Azure Active Directory Passwordless Authentication Capabilities
FEITIAN Technologies, a world security technology leader providing fingerprint biometric FIDO2 passwordless authentication, advanced combined function all-in-one smartcards, and payment related systems, is now able to provide fingerprint biometric Passwordless solutions for Hybrid Microsoft Azure Active Directory (Azure AD) to eliminate passwords.
Constructed during FEITIAN’s collaboration with Microsoft, multiple FIDO2 fingerprint biometric passwordless security keys are now available for enterprise, government, healthcare, educational, and individual user applications. The FEITIAN BioPass and AllinPass FIDO2 Security Keys allow users to carry their credentials with them and safely sign into Hybrid Azure AD (and other Microsoft services) without a username and password. Users have the option to plug their Fingerprint Biometric Security Key into their computer with the USB-A or USB-C ports, to use NFC on their mobile device (or an NFC reader), or even to use BLE, gaining account or SSO access when they verify the previously enrolled fingerprint.
About the FEITIAN Biometric Security Keys
The three secure and FIDO2 certified FEITIAN fingerprint biometric security key form factors provide multiple connection options. The BioPass K26 uses USB-C, the BioPass K27 uses USB-A, and the newly released K33 AllinPass uses BLE, NFC, or a cabled USB-C connection. The FEITIAN fingerprint biometric Security Keys can also deliver PIV, OTP, and GIDS with options for multiple interfaces, price points, and fingerprint biometrics as needed. The FEITIAN biometric Security Keys are unique because they also allow for added security options of Three Factor Authentication (3FA) with the key (possessed factor), Fingerprint Biometric (inherent factor), and PIN (known factor). FEITIAN also provides Passwordless solutions on non-biometric Security Keys and the Fingerprint Biometric Smart Card format.
About Microsoft Passwordless Authentication
Microsoft Azure Active Directory (Azure AD) and Microsoft Account services function as a WebAuthn Relying Party. Microsoft Edge is a WebAuthn Client. Windows 10 is in the role of the platform hosting the Win32 Platform. Windows 10 supports the FIDO2 protocol at a platform level for both Windows Sign In and WebAuthn. The FEITIAN K33 AllinPass is the roaming authenticator, which has USB, BLE, and NFC interfaces. With FEITIAN’s Match-on-Card fingerprint sensors, no biometric database is needed, and FEITIAN’s security keys and cards offer a more convenient and ultimately more secure passwordless experience.
Feitian K33 AllinPass
“As Microsoft continues to improve their advanced applications to allow for Passwordless authentications using FIDO2 security keys in Hybrid environments and SSO to on-prem as well as cloud resources for Hybrid Microsoft Azure Active Directory, FEITIAN continues to add to their FIDO U2F products by providing innovative, secure, and value-priced solutions for Microsoft and all FIDO2 Passwordless applications,” said FEITIAN Technologies Vice President and General Manager of International Business Tibi Zhang. “We are proud to be working in conjunction with Microsoft. We have worked closely with the FIDO Alliance by strictly adhering to their industry-established technology standards for strong, phishing-resistant authentication on the web that promises better security and a better user experience with our broader choice of Authenticators for Enterprise, Finance, Education, and Government users.”
Sue Bohn, Partner Director of Program Management, Microsoft Identity Division, Microsoft Corp. said, “Passwords alone are no longer an effective security mechanism. It’s clear we need to provide our customers with authentication options that are secure and easy to use. This is where companies like FEITIAN come in. By integrating their solutions with Microsoft Azure Active Directory, Microsoft Account (Outlook, Hotmail), and Windows 10, FEITIAN is an important member of our passwordless journey.”
Michael Gwynn, Director of Strategic Projects at FEITIAN US said, “We are enthusiastic about being able to provide our advanced Passwordless Authentication Technologies for even more Microsoft clients as we now can help improve security, reduce hacking, and provide Passwordless access for Hybrid Azure Active Directory users.”
FEITIAN continues to work with Microsoft to ensure biometric keys work with the newest advancements for Windows and Azure Active Directory. The FEITIAN security keys offer many advantages over passwords, including lower IT management costs, better productivity, improved security, and unprecedented privacy for both employees and employers at enterprise businesses, educational campuses, healthcare facilities, and government applications.