2022 has seen an array of high-profile cyberattacks so far, including many that started with stolen credentials. Uber, the North Face, DoorDash, Microsoft, Okta, and Marriott are among the many targeted in 2022 by hackers using phishing attacks, social engineering, and other exploits to get their hands on usernames, passwords, and secured data.
And while credentials-related breaches are nothing new—Verizon has been tracking them since 2008 in its annual Data Breach Investigations Report, which found that passwords were one of the leading causes of all data breaches every year for the last 15 years—the problem is getting worse. One recent report indicated 84% of organizations in a national survey had experienced an identity-related attack. Another mid-2022 study showed that identity-based attacks accounted for more than half of cybersecurity incidents identified by one SOC.
Given how pervasive credentials-based attacks have become, the obvious question is how this trend can be reversed. And the obvious answer is to stop relying on the old, familiar username/password combination to verify identities. As long as organizations depend primarily on passwords for authentication, the number of credentials-based attacks will continue to rise. Passwords are simply too pervasive and too easy a target for threat actors to ignore.
At RSA, we believe firmly that fewer passwords mean better security. We’ve been making the argument for passwordless authentication for years, and we’ve worked with the FIDO Alliance to promote it since 2014, serving as a board member and also incorporating FIDO protocols into our own identity and access management products and solutions.
While we’re in favor of phasing out passwords, we also recognize that their use is deeply entrenched. Companies have been relying on them for decades, so passwords aren’t going to go away overnight. One of the best ways we can think of to support organizations in pursuing passwordless authentication is to make it easier for them to transition to passwordless methods. Case in point: our new DS100 authenticator.
The DS100 is a secure, multi-functional hardware authenticator that demonstrates the RSA commitment to helping organizations on the path to passwordless authentication. It supports both one-time password (OTP) and passwordless FIDO2 authentication in a single device, so organizations can secure users as they transition to passwordless without having to change authenticators. Physically deployed but managed in the cloud, the DS100 is available as part of the ID Plus cloud and hybrid identity platform from RSA.
The DS100 represents an important asset in reducing the risk of passwords and improving authentication.
The next step in improving authentication is integrating intelligence: the best authentication is the kind that users don’t need to perform at all. By using contextual analysis and AI to dynamically assess risk, security systems can manage authentication without needing the user to provide any factors. Intelligent authentication is faster, smarter, and easier for users because it’s virtually invisible to them.
We’ll be sharing more about how intelligent authentication can support the DS100 and improve organizational security very soon.
Download the DS100 datasheet to learn more.