Passwords are hacked with ease, and MFAs are not the answer. Isn’t it time the biggest companies protect their clients and workforce with an identity-based perimeter?
What’s been your highlight this year? Mine was unusual: sitting in a dingy AirBnB in South London with a crack team of hackers. We ran the project as part of a white paper assessing the safety of challenger banks with our partners at WeFightFraud (you can read the alarming results here) led by the charming, cheeky and utterly terrifying Tony Sales.
While the surroundings (and the cold sausage rolls) weren’t exactly memorable, the lesson they taught me was. Because that was the day I saw Multi-Factor Authentication (MFA) completely collapse.
Hypr estimates that between 80% and 90% of MFA applications are hopelessly easy to breach. All those times you received a text to verify your login to Office 365 or confirmed your email on the very same device used to set up a new account; all pointless. Hackers use some sophisticated (and not-so-sophisticated) methods to bypass MFA so that it’s barely more secure than using a simple password. (And let’s face it, we’re one of the 64% of people that use the same or similar password for everything.)
Phishing, SMS OTP (those texts purporting to come from Amazon), MitM (Man in the Middle) and even social engineering – where the hacker simply calls up the IT help desk and engineers the call centre staff to give up the passwords or reset them to a new mobile number – can all yield results. And then there’s ‘MFA Fatigue’, which involves spamming victims with authentication prompts until they grant the attacker access accidentally or out of frustration, perceiving the prompt as a legitimate login attempt or a bug. It is a type of brute force approach to bypassing MFA that takes advantage of how approving MFA requests has become so routine that employees assume the prompts in their authenticator apps are always valid.
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
The global MFA and cloud computing markets are projected to grow by nearly 15.6% and 17.9% by 2027 and 2028 respectively.1,2 Password manager LastPass reported that 95% of organisations in 2021 used software-based authenticators for MFA rather than physical tokens or biometrics.
But given the higher risks of attacks – and the enormous costs in dealing with data breaches and lost business – companies need to look for alternative solutions in 2023.
Several high-profile organisations, including Cisco Talos, Microsoft, and Uber, have been breached by threat actors who have utilised MFA fatigue. Whilst MFA plays a significant part in strengthening an organisation’s cybersecurity posture, it is not a ‘silver bullet’.
As a temporary workaround for MFA fatigue, it is likely that organisations will increasingly disable push notifications of “approve sign-in” requests and seek to ensure that number matching and location-based verification are used to gain access to accounts instead.
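The prompt-spam pattern behind MFA fatigue also leaves a trace in authentication logs: a burst of ignored or denied push prompts, sometimes ending in an approval. The sketch below is an added example, not part of the original article or any vendor's product; the event fields, the 10-minute window and the threshold of five prompts are assumptions to tune against your own identity provider's logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events: (ISO timestamp, user, prompt result).
SAMPLE_EVENTS = [
    ("2023-01-10T02:01:00", "alice", "timeout"),
    ("2023-01-10T02:01:40", "alice", "denied"),
    ("2023-01-10T02:02:15", "alice", "timeout"),
    ("2023-01-10T02:03:05", "alice", "denied"),
    ("2023-01-10T02:03:50", "alice", "timeout"),
    ("2023-01-10T02:04:30", "alice", "approved"),  # approval right after the burst
    ("2023-01-10T09:00:00", "bob", "denied"),      # one mistaken tap, then success
    ("2023-01-10T09:00:30", "bob", "approved"),
    ("2023-01-10T08:00:00", "carol", "denied"),    # rejections hours apart
    ("2023-01-10T11:00:00", "carol", "denied"),
    ("2023-01-10T14:00:00", "carol", "denied"),
    ("2023-01-10T17:00:00", "carol", "denied"),
    ("2023-01-10T20:00:00", "carol", "denied"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed number of unapproved prompts in a burst


def detect_mfa_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: alert} for bursts of unapproved push prompts."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    alerts = {}
    for ts, user, result in sorted(events):
        now = datetime.fromisoformat(ts)
        queue = recent[user]
        while queue and now - queue[0] > window:  # drop prompts outside window
            queue.popleft()
        if result in ("denied", "timeout"):
            queue.append(now)
            if len(queue) >= threshold:
                alert = alerts.setdefault(
                    user, {"max_prompts": 0, "approved_after_burst": False})
                alert["max_prompts"] = max(alert["max_prompts"], len(queue))
        elif result == "approved":
            # An approval while the burst is still in the window is the
            # likely-compromise case and deserves the higher severity.
            if len(queue) >= threshold:
                alerts[user]["approved_after_burst"] = True
            queue.clear()  # a successful login ends the current burst
    return alerts


print(detect_mfa_fatigue(SAMPLE_EVENTS))
```

An alert with `approved_after_burst` set is the case to triage first: revoke the session and reset the factor before investigating further.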
But nothing matches the security of passwordless ID verification tools. APLYiD specialises in biometrics that can confirm a user’s identity against government and credit bureau records including PEP and sanctions checks in under 90 seconds. By including its API in your company’s authentication and login process that time can be cut even shorter and be a simple, safe and totally secure way of restricting access to your workforce. APLYiD has reduced cybercrime to the tune of over $2 billion in New Zealand alone, and proven over 98% effective in cutting identity theft and data breaches.
Placing an identity ‘perimeter’ around your most valuable data, and putting unhackable biometric protocols in place to prevent unauthorised access, is the soundest way of futureproofing your business.
And the benefits for your workforce are much greater. No more MFA Fatigue or phishing emails gaining access to your systems. No more social engineering attempts via your IT departments. Just simple access that allows your teams to work virtually, anywhere in the world, with total security.
If we see worldwide adoption of biometric ID perimeters in 2023, then my highlight for the year will be very different. Personally, I’d love to sit in an ugly AirBnB and listen to hackers swearing when they realise they can’t break into the world’s biggest companies.
I’ll probably bring my own sausage rolls this time.