SecureAuth introduces passwordless login with WebAuthn and a new defense against password attacks

Back to Blog
August 05, 2020
Dusan Vitek

SecureAuth Summer 2020 release brings new biometrics-based MFA and login options as well as powerful new defense against hard-to-detect password attacks

SecureAuth now offers new biometrics-based login and MFA options supporting companies transitioning to a pure passwordless environment for their workforce and customers. The biometrics login available in SecureAuth Identity Platform utilizes the WebAuthn protocol, part of the FIDO2 project, and works beautifully with all modern Macs and PCs.

Passwordless login offers a higher level of convenience for users. Instead of creating, memorizing, and frequently updating passwords, SecureAuth users can use a biometric reader such as TouchID on their Mac or Windows Hello on their PC for login. The removal of a password for login also means the user is not required to update their password every 30 or 90 days, a common practice in the workplace, helping to improve the user experience.

“Being fully passwordless is cheaper, easier, and more secure for organizations when done correctly,” says Staci Endres, Product Manager for SecureAuth. “Password reset costs are around $25 per incident for most North American companies, which really adds up when you have tens of thousands of employees. By replacing passwords with a more secure form of authentication like biometrics-based WebAuthn, you take away the hassle of password management from both users and companies without compromising the security.”

Just like with login, SecureAuth users can also use their TouchID or Windows Hello for 2-factor authentication. Two-factor authentication with TouchID or Windows Hello is not only faster than re-typing a code or managing a push notification, but it also makes the Mac or PC a de facto trusted device.

New defense against password spray attacks 

The SecureAuth Summer 2020 release is also introducing Dynamic IP Blocking to provide intelligent defense against a particularly dangerous, malicious activity known as a password spray attack. In a typical password spraying attack, a hacker uses a common password against a massive number of usernames in an attempt to compromise an account before repeating the cycle with a different password. The relative infrequency of failed login attempts with the attack does not typically raise any red flags in monitoring systems enabling bad actors to methodically attempt to breach an organization.

The SecureAuth detection and defense engine automatically blocks the IP addresses from which the attack is originating, regardless of the username entry.

“What makes a password spraying attack so attractive for malicious actors is that they can perform the attack largely undetected,” says Alberto Solino, VP of Research at SecureAuth. “To successfully defend against the attack, we must collect and analyze a set of signals to identify a pattern representing a threat. Once we see a pattern, SecureAuth triggers a defense mechanism that blocks the attack but leaves legitimate users unaffected.”

Availability

  • Passwordless login and MFA with FIDO2 WebAuthn is available immediately to all SecureAuth customers on the Prevent cloud subscription plan.
  • The Dynamic IP Blocking Service is available to all SecureAuth customers on the Protect and Prevent cloud subscription plans.
  • Both functionalities are also included and ship with SecureAuth ver. 20.06 for on-premises and hybrid deployment.

Webinar
Watch a webinar on FIDO2 WebAuthn and Dynamic IP Blocking with Staci Endres, product manager at SecureAuth.

Learn more 
Follow us on Twitter at @SecureAuth, on LinkedIn at linkedin.com/company/secureauth-corporation/, and bookmark our blog at secureauth.com/blog.

Never Miss a Beat
Subscribe to Our Blog

SecureAuth Identity Platform Adaptative Authentication

Identity and Access Management

Empower your digital initiatives with secure access for everyone and everything connecting to your business

Product Features

Adaptive Authentication

Extend verification of a user identity with contextual risk checks

Multi-Factor Authentication

Leverage a broad portfolio of authentication factors for desktop and mobile

Intelligent Risk Engine

Protect your identities with advanced risk profiling analytics

Single Sign-On

Provide app discovery and one-click login through portal or desktop SSO

User Lifecycle Management

Enable admins with strong CRUD capabilities and users with self-service tools

Secure All Identities

CIAM

Customer Identities

Deliver a frictionless customer experience safeguarding user data and privacy

B2E

Workforce Identities

Govern and control access rights for employees, partners, and contractors

Moving Beyond Passwords

Learn how passwords alone no longer provide the appropriate level of protection, nor confidence, required to secure valuable resources

Initiatives

Passwordless Authentication

Reduce the risk of breaches by eliminating passwords

2FA is Not Enough

Block popular phishing and brute force attacks used by bad actors

Protecting Office 365

Extend adaptive authentication and flexible MFA to all apps including Office 365

Securing Portals and Web Apps

Balance strong security and an exceptional user experience

RSA Migration

Transition to a modern identity and access management solution

Industries

Healthcare

Financial Services

Retail

Energy and Utilities

Public Sector

Resources

White Papers

eBooks

Recorded Webinars

Analyst Reports

Innovation Labs

Documentation

Support Portal

Events & Webinars

Events

Webinars

Calculate Your Savings

Lower support costs by enabling your users the control to reset passwords, account unlocks, device enrollment and update profiles

Meet SecureAuth

About SecureAuth

Leadership

Newsroom

Careers

Contact