How Does Your Organization’s MFA Scheme Stack Up?

Bearer-aware credentials by definition use attributes of the end-user’s environment to ensure the submitted credentials are tied back to the user who presents them. As such, an attacker who intercepts and replays credentials with this bearer-aware property would not be able to authenticate and take over the user’s account.

iLogSafe introduced this novel paradigm of bearer-aware credentials that tie back to the user transparently, thereby preventing account compromise even if the credentials are stolen and impersonated. For a quick overview, you can watch our video here.

But why do we even need bearer-aware credentials in order to solve the problems of credential leaks, data breaches and account take-overs?

Let’s closely examine current Multi-Factor Authentication (MFA), as it’s the least you can do to protect your organization from cybersecurity threats. While MFA does lower the risk of an attack, the latest tools like Modlishka have made real-time impersonation attacks a breeze. They can be carried out in the form of Channel Jacking or Real-Time Phishing.

Channel Jacking is a cyber attack that targets the communication channel used for authentication (email, text message, push notification, phone call, etc.). Tools like Modlishka implement reverse-proxy logic to bypass 2FA and make channel jacking attacks successful.

Real-Time Phishing intercepts authentication messaging by placing a machine-in-the-middle that bypasses the trusted security mechanisms. In a real-time phishing attack, a user unknowingly enters account details on a phishing website, which captures the credentials and relays them to the genuine site while stealing sensitive information. Attackers target one-time passwords (OTP), tokens, SMS codes, cards and readers to intercept your authentication information and commit fraud.

In the past, many organizations using MFA dismissed phishing threats, mistakenly believing such attacks were incapable of bypassing their security controls. Today, cybercriminals use phishing kits capable of breaking through any MFA system to conduct fraud in real time.
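To make the difference between a relayed bearer credential and a bearer-aware one concrete, the following is an added illustration, not code from iLogSafe or from this post. It simulates the machine-in-the-middle flow described above with a plain one-time code (accepted no matter where the user typed it) and then with a credential bound to the origin the user actually connected to (a simplified, WebAuthn-style HMAC over a single-use challenge and the origin). The origins, secret and the relying-party/client classes are constructed for the demo and are not iLogSafe’s design.

```python
"""Demo: a bearer OTP forwarded by a machine-in-the-middle still authenticates,
while a credential bound to the origin the user saw does not.
All names, secrets and origins below are constructed for the example."""
import hashlib
import hmac
import secrets

# Constructed enrolment data (not real values).
SHARED_SECRET = b"constructed-demo-secret-for-alice"
LEGIT_ORIGIN = "https://login.example-bank.test"              # hypothetical genuine site
LOOKALIKE_ORIGIN = "https://login.example-bank-secure.test"   # hypothetical relaying site


def derive_otp(secret: bytes) -> str:
    """Stand-in for a one-time code valid in its window: whoever holds it is accepted."""
    return hashlib.sha256(secret + b"otp-window-1").hexdigest()[:6]


def bound_tag(secret: bytes, challenge: str, origin: str) -> str:
    """Bearer-aware credential: the response covers the origin the client talked to."""
    msg = f"{challenge}|{origin}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class RelyingParty:
    """The genuine site. It knows its own origin and the user's enrolled secret."""

    def __init__(self, origin: str, secret: bytes):
        self.origin = origin
        self.secret = secret
        self.open_challenges = set()

    def new_challenge(self) -> str:
        c = secrets.token_hex(16)
        self.open_challenges.add(c)
        return c

    def verify_bearer(self, otp: str) -> bool:
        # Nothing ties the code to where the user typed it.
        return hmac.compare_digest(otp, derive_otp(self.secret))

    def verify_bound(self, challenge: str, tag: str) -> bool:
        # Challenge is single-use, and the expected tag is computed over the
        # site's OWN origin, never over an origin the submitter claims.
        if challenge not in self.open_challenges:
            return False
        self.open_challenges.discard(challenge)
        expected = bound_tag(self.secret, challenge, self.origin)
        return hmac.compare_digest(expected, tag)


class Client:
    """The user's browser/authenticator. It only knows the origin it is connected to."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def answer_bearer(self) -> str:
        return derive_otp(self.secret)

    def answer_bound(self, challenge: str, origin_seen: str) -> str:
        return bound_tag(self.secret, challenge, origin_seen)


def bearer_login(rp: RelyingParty, origin_seen: str) -> bool:
    """User submits an OTP to whatever site fronts them; a relay forwards it
    unchanged, so the outcome does not depend on origin_seen."""
    client = Client(rp.secret)
    otp = client.answer_bearer()             # typed into origin_seen
    return rp.verify_bearer(otp)             # forwarded verbatim to the real site


def bound_login(rp: RelyingParty, origin_seen: str) -> bool:
    """Same flow with an origin-bound credential. A relay can forward the
    challenge and the response but cannot change what the client signed over."""
    client = Client(rp.secret)
    challenge = rp.new_challenge()           # fetched by whoever fronts the user
    tag = client.answer_bound(challenge, origin_seen)
    return rp.verify_bound(challenge, tag)   # forwarded verbatim


def replay_bound(rp: RelyingParty) -> bool:
    """A captured bound response submitted a second time is rejected."""
    client = Client(rp.secret)
    challenge = rp.new_challenge()
    tag = client.answer_bound(challenge, rp.origin)
    first = rp.verify_bound(challenge, tag)
    second = rp.verify_bound(challenge, tag)
    return first and not second


if __name__ == "__main__":
    rp = RelyingParty(LEGIT_ORIGIN, SHARED_SECRET)
    print("bearer, direct:  ", bearer_login(rp, LEGIT_ORIGIN))      # True
    print("bearer, relayed: ", bearer_login(rp, LOOKALIKE_ORIGIN))  # True: the relay gets in
    print("bound, direct:   ", bound_login(rp, LEGIT_ORIGIN))       # True
    print("bound, relayed:  ", bound_login(rp, LOOKALIKE_ORIGIN))   # False: origin mismatch
    print("bound, replayed: ", replay_bound(rp))                    # True: replay was rejected
```

The relay is deliberately modelled as nothing more than the origin the user sees: the verifier never trusts a claimed origin, it recomputes the tag over its own, so a response produced against a lookalike origin fails even though every byte was forwarded faithfully. The single-use challenge set covers the separate replay case.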

Dominant 2FA schemes

While two-factor authentication (2FA) is recommended as minimal protection against credential fraud, it comes with a set of challenges unique to the industry in which it’s used:

| Industry | Dominant 2FA Solution | Main Risk Area |
| --- | --- | --- |
| Finance (FFIEC, PSD2, PCI) | SMS, hard-token OTPs | Interception in mobile and online transactions, SIM card swapping, 30+ second login time |
| Healthcare (HIPAA) | SMS OTP | HIPAA compliance requires organizations to address credential security practices |
| Legal (CJIS) | SMS OTP | Access to the National Crime Information Center (NCIC) via mobile devices from unsecured locations |
| Enterprise | Soft OTP, out-of-band approval apps | OTP can be easily stolen when sent to mobile devices over text messaging |

Industry-based comparison

The NormShield 2018 Cyber Security Risk Brief also provides industry report cards (shown below) that give an industry-based comparison across risk categories using easy-to-understand A–F letter grades. While companies in Financial Services and Technology do relatively better in Credential Management (even though they only receive an average score of F), companies in Healthcare, Professional Services, Education, and Retail perform very poorly and receive an F.

It’s clear that current 2FA and MFA measures are not enough to protect your organization from malicious cyber-attacks. The optimization process should be as clear, simple and straightforward to users and decision makers as possible. That’s why the need for a simple and clean solution becomes clear.

iLogSafe is a patented solution that is entirely immune to SIM card swapping, machine-in-the-middle interception and other forms of credential phishing attacks. By eliminating password management headaches, iLogSafe prevents credential fraud and enables enterprises to do business online without fear of exposure.

iLogSafe benefits:

  • Eliminate potential data breaches and fraud through credential compromise with bearer-aware credentials
  • Avoid reliance on passwords and obsolete password management routines
  • Save on training and audit costs and increase productivity
  • Achieve PCI DSS, HIPAA and FFIEC compliance and save!
  • Enterprise-grade Single Sign-On (SSO) for passwordless access to applications
  • Fraud prevention and transactional authentication

Schedule a quick demo today to see for yourself how iLogSafe can help secure your enterprise!

How can we help you?

Password-less authentication, anti-phishing and anti-keylogging: all of these can be achieved with zero-footprint zero-knowledge password proof (ZKPP) schemes.
