Why you don’t want your companies name in the headlines
Over 6 Billion Records have been breached since 2013. These super high profile smash and grab attacks on global scale cloud service providers, such as Google, Twitter, Evernote, mean the focus on better security is not just important for your customers and employees; but also crucial for your brand. The balance between user friendliness and credible security is a key issue for any provider or web site owner needing to improve their secure authentication. But is there an authentication service that gets the balance right? We know usernames and passwords are a no-no, and hardware tokens are cumbersome, so how about an authentication service that requires no hardware, can be used for any digital service, on any device, with an easier experience than passwords? Wouldn’t that be innovative.
Better Security should Start with True Two-Factor Authentication
We authenticate ourselves multiple times every day. Every time we open a door with a key we are authenticating ourselves to the building we are entering, simply by demonstrating possession of the key. When we buy something with a bankcard we authenticate ourselves via possession of the card and knowledge of the associated PIN. This is known as two factor authentication.
In today’s application, security and operations owners must deal with the ever increasing and unpredictable demand to securely authenticate more internal, external and mobile users and devices and do so at the scale and speed of today’s Mobile Internet.
In response to this, they continue to attempt to ratchet up their password-based security with incremental investments in new and higher levels of two-factor and two-step authentication, doing nothing to defuse the ticking time bomb of a breach of their password database or to make life easier for users, who are increasingly frustrated with concocting, remembering and using complex passwords, technologies and processes.
Multi-Factor Means Stronger
Strong authentication means a user provides two or more of the following when requesting access:
- Something only the user has (a token in mobile app)
- Something only the user knows (a 4 digit pin)
- Somewhere the user is (a known time or place)
For maximum security you should ideally authenticate with something you know, something you have, and something you are. Typically that would be a password, a physical device of some sort, and a biometric like a fingerprint. For the moment the industry appears to be content with just two factor authentication, which could be any two out of these three.
MIRACL Trust® Multi-Factor Authentication Means Safer
Zero-Knowledge means that a user proves knowledge and possession without exchanging or sending any credentials with a server database (unlike passwords and current two-factor authentication).
MIRACL Trust® MFA platform is a cloud-based service that provides secure, multi-factor authentication to employees, partners, and external users without sending authentication credentials across the web for storage in the cloud. Which means it can’t be compromised.
Fast Facts about MIRACL Trust® MFA:
- Provides better security: without the need for credentials, such as usernames, passwords and OTP seeds, to be sent across the web, or stored on a mobile device.
- Affordable: Significantly lower total cost of ownership than hardware tokens and authentication-as-a-service offerings. Clients provision users as needed, billed only for usage.
- Easy to implement: As a cloud-based service, MFA is simple to activate deploy, and on-board users at scale. Clients can be live within minutes.
- Can be extended into any desktop or mobile application via open source, Apache Licensed developer SDKs for iOS, Android, C# and other web languages.
- Meets regulatory compliance: multi-factor authentication solution for regulated industries, such as finance, government and healthcare, since credentials are not stored in the cloud.
- Scalable: secure authentication to all customers, employees and partners who power a company’s business, for less than the monthly cost of sending a few SMS messages to a single user in a month.
- Simple to administer: Manage service delivery channels, billing, and users through one simple MFA web dashboard.
- Improved end-user experience: A simple 4-digit PIN is all the end user has to remember, and can be used across all applications and identities that the end user needs to gain access to.
“MIRACL’s zero password authentication solutions, which eliminate authentication database breaches and improve the user experience for end users, deliver immediate security benefits”. Rich Boyer, Chief Architect, NTT i3.
Clients can activate, deploy, manage easily and go live in minutes. To find out more about MIRACL Trust® MFA, you can request a demo today.