SecureAuth Summer 2020 release brings new biometrics-based MFA and login options as well as powerful new defense against hard-to-detect password attacks
SecureAuth now offers new biometrics-based login and MFA options supporting companies transitioning to a pure passwordless environment for their workforce and customers. The biometrics login available in SecureAuth Identity Platform utilizes the WebAuthn protocol, part of the FIDO2 project, and works beautifully with all modern Macs and PCs.
Passwordless login offers a higher level of convenience for users. Instead of creating, memorizing, and frequently updating passwords, SecureAuth users can use a biometric reader such as TouchID on their Mac or Windows Hello on their PC for login. The removal of a password for login also means the user is not required to update their password every 30 or 90 days, a common practice in the workplace, helping to improve the user experience.
“Being fully passwordless is cheaper, easier, and more secure for organizations when done correctly,” says Staci Endres, Product Manager for SecureAuth. “Password reset costs are around $25 per incident for most North American companies, which really adds up when you have tens of thousands of employees. By replacing passwords with a more secure form of authentication like biometrics-based WebAuthn, you take away the hassle of password management from both users and companies without compromising the security.”
Just like with login, SecureAuth users can also use their TouchID or Windows Hello for 2-factor authentication. Two-factor authentication with TouchID or Windows Hello is not only faster than re-typing a code or managing a push notification, but it also makes the Mac or PC a de facto trusted device.
New defense against password spray attacks
The SecureAuth Summer 2020 release is also introducing Dynamic IP Blocking to provide intelligent defense against a particularly dangerous, malicious activity known as a password spray attack. In a typical password spraying attack, a hacker uses a common password against a massive number of usernames in an attempt to compromise an account before repeating the cycle with a different password. The relative infrequency of failed login attempts with the attack does not typically raise any red flags in monitoring systems enabling bad actors to methodically attempt to breach an organization.
The SecureAuth detection and defense engine automatically blocks the IP addresses from which the attack is originating, regardless of the username entry.
“What makes a password spraying attack so attractive for malicious actors is that they can perform the attack largely undetected,” says Alberto Solino, VP of Research at SecureAuth. “To successfully defend against the attack, we must collect and analyze a set of signals to identify a pattern representing a threat. Once we see a pattern, SecureAuth triggers a defense mechanism that blocks the attack but leaves legitimate users unaffected.”
- Passwordless login and MFA with FIDO2 WebAuthn is available immediately to all SecureAuth customers on the Prevent cloud subscription plan.
- The Dynamic IP Blocking Service is available to all SecureAuth customers on the Protect and Prevent cloud subscription plans.
- Both functionalities are also included and ship with SecureAuth ver. 20.06 for on-premises and hybrid deployment.
Watch a webinar on FIDO2 WebAuthn and Dynamic IP Blocking with Staci Endres, product manager at SecureAuth.