Coronavirus security: why going password-free is the key to safer remote working

Remote working is fast becoming the new normal. In the continuing effort to tackle the spread of COVID-19, organisations all over the world are putting systems in place to enable their staff to work from home. In some ways, this is great: lower office costs, less time spent commuting, reduced traffic and pollution, increased productivity and happier employees. However, while remote working has enormous benefits, many organisations aren’t accustomed to it. They therefore face a number of challenges in keeping their data and systems safe and their employees able to do their work.

Cybercriminals know this.

And they know that many people who used to log in to their workplace systems on a desktop, and were used to doing so, are now logging in via a browser on a personal device. According to Google, phishing schemes rose by 350% between January and March. Among these are a growing number of phishing emails designed to look like they’re from victims’ workplaces. These contain a link directing recipients to log in to workplace systems, e.g. a fake Microsoft Office 365 login page. Any usernames and passwords typed into these fake pages are immediately captured by the scammer, who potentially then has access to highly sensitive data such as trade secrets and business plans.

As a result, companies are having to deploy the best cybersecurity practices out there in order to secure all their new off-premises endpoints. Many are setting up 2-factor authentication (2FA), i.e. getting users to confirm their logins with something in addition to their password, usually a one-time code sent to the user by text message. Organisations are also being urged to use password managers to store and encrypt their employees’ passwords.

The problem with these approaches is that the biggest cybersecurity vulnerability has always been the passwords themselves. They’re the top cause of data breaches because they’re so easily obtained by hackers. Despite this, passwords are still the dominant method of authentication and the vast majority of authentication solutions remain password-based. Even though these solutions pile on additional authentication factors—codes, apps, biometrics—if a foundation is weak, so is everything you build on it.

Password managers, too, are like treasure troves for hackers. They take all your passwords and store and encrypt them in a vault, but that vault is locked with yet another password—the master password. If a hacker gets that, they get everything.

The other problem is that for many organisations, remote working is new and different and poses practical problems they’re not familiar with. They’re having to get set up with remote working solutions like virtual private networks (VPNs) and cloud services really quickly, and set up 2FA when they’ve never had to use it before. 2FA doesn’t make this any easier, largely because most 2FA solutions are expensive to implement and confusing and frustrating to use, particularly on older remote working systems. As a result, significant IT overheads are being generated by users inadvertently locking themselves out of their accounts.

What organisations need is an authentication and access solution that is simple to use, quick and easy to roll out, and above all, secure—particularly those organisations who are already finding the transition to remote working a challenge. In other words, a solution that eliminates the source of what’s eating up their time and resources, causing their employees stress, and making their systems and applications more vulnerable: the password.

Idenprotect is a multi-factor (MFA) and secure Single Sign-On (SSO) solution that completely eliminates the need to use passwords.

The idenprotect MFA provides the following factors. The first two factors are inherence (unique biological traits such as your fingerprint or your face) and possession (your smart device and, specifically, the secure chip inside it). The third factor is usually your password, but we’ve replaced the password with a private key stored in the secure chip. No one can access or remove this key, not even us.

What’s more, users authenticate using the devices they already own, which means there’s nothing physical to roll out. As long as those devices are equipped with a secure chip and a biometric sensor, there’s nothing else you need. And since Idenprotect integrates with thousands of systems and applications, including legacy remote working tools, that’s another common barrier to implementation lifted. This is exactly what you want if you’re new to remote working and looking for a reliable and easy-to-use solution quickly.

Now that phishing attacks have increased and remote workers are being targeted, it really is time to put passwords out to pasture. But going password-free now will not just secure your organisation while we all wait out this pandemic. Its security and efficiency benefits will endure long after coronavirus has become a distant memory.

Posted in: