What do Yahoo!, Equifax, and eBay all have in common aside from data breaches on an epic scale? They all rely on a user’s trust across digital networks to move their businesses forward.
If your enterprise still relies on stored and shared authentication credentials (e.g. passwords) it’s only a matter of time before your company’s name (and perhaps your name as well) appear in the news related to a hack of your user database.
Six billion authentication credentials have been stolen since 2013, according to credible sources1, with far-reaching consequences in terms of reduced brand equity and damage to business reputation. A 2014 report from Forbes Insights in conjunction with IBM2, found that 46% of organizations have suffered damage to their reputations and brand value as a result of a breach. Big names are involved: Verizon, Hyatt Hotels, Time Warner Cable and the United States Internal Revenue Service; and organizations range from entities holding tax and medical records to schools and universities, corporations and NGOs.
Data breaches go beyond embarrassing in that they can be costly as well – both in terms of remediation and effect on sales. They also can also result in job losses and regulatory fines such as measures recently introduced in the United States.
Passwords are still your single largest cybersecurity threat
The simple fact is that if the data you hold is protected with password permissions, it is not safe.
Real security requires the complete elimination of centralized security technology. Credentials stored in whole form, in a single central place, are easier to compromise than distributed systems. Passwords, digital certificates, two-factor authentication and other aspects of stored authentication are all built around central databases, which are inherently easier to compromise than zero-knowledge systems.
How can you protect your Brand Integrity?
Fortunately, it is entirely possible to protect your data and systems using an affordable, quick solution that can secure enterprise and external users alike.
A zero knowledge process that delivers multi-factor authentication without a centralized credentials system is inherently far more robust. In practice, this means an end user proves their identity without sending authentication credentials across the web or to a centralized system (both of which can be compromised).
This new approach delivers the significant advantage of smaller, stronger and faster authentication and eliminates the risk of a centralized authentication database. What’s more, this approach can reduce authentication and user-support costs by an order of magnitude.
The only way to prevent password database breaches is to eliminate the password database altogether. MIRACL runs entirely in the software of your web or mobile application and is inexpensive to implement and use. Best of all MIRACL removes the threat of you (or your company) making the wrong kind of headlines this year.
1 KPCB, Breach Level Index, IBM, Govtech
2 “Fallout: The Reputational Impact of IT Risk,” Forbes Insights, 2014.
MIRACL’s use of a zero knowledge proof (or process) allows any user or device to confirm their identity without revealing any valuable information about themselves. Learn about MIRACL Trust® multi-factor authentication, which features our zero knowledge proof.