{"id":82768,"date":"2024-08-14T12:04:30","date_gmt":"2024-08-14T04:04:30","guid":{"rendered":"https:\/\/version-2.com\/?p=82768"},"modified":"2024-08-07T12:08:43","modified_gmt":"2024-08-07T04:08:43","slug":"annoying-but-necessary-how-to-decrease-the-burden-of-authentication-requirements","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2024\/08\/annoying-but-necessary-how-to-decrease-the-burden-of-authentication-requirements\/","title":{"rendered":"Annoying but necessary: How to decrease the burden of authentication requirements"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Authentication mechanisms are a vital aspect of cybersecurity deserving adequate protection, but increasing complexity makes them an easier target. <\/em><\/p>

Since American computer scientist Fernando Jos\u00e9 Corbat\u00f3 created the first password-based authentication<\/a> in the 1960s, passwords have been an integral part of IT security all over the world. But while the principle of using a string of characters unknown to others remains the same, the world of computing has become exponentially more complex, where an average person now has 168 passwords <\/a>out of which 87 are business-related.<\/p>

This causes headaches not only for average users but also for IT admins who handle the secure authentication needs of hundreds if not thousands of employees within their companies who work with a number of applications and devices.<\/p>

As a global leader in cybersecurity, ESET knows that businesses not only need reliable defenses against malware but also easy-to-use platforms helping them manage daily tasks including secure authentication.<\/p>

To ease the authentication burden on IT admins, ESET has introduced ESET Secure Authentication<\/a>, a cloud-based solution running on a single dashboard<\/a>, that provides multifactor authentication for multiple applications.<\/p><\/div>

Beloved targets<\/h3><\/header>

Credentials are among cybercriminals\u2019 most beloved attack vectors. According to the Verizon 2024 Data Breach Investigations Report<\/a>, 77% of basic web Application Attacks involved stolen credentials, 21% of them were the result of brute force (usually easily guessable passwords), and 13% of those attacks exploited vulnerabilities.<\/p>

The authors of this report also highlighted the fact that over the past 10 years, stolen credentials have appeared in almost one-third (31%) of all analyzed breaches, making credentials a core component of compromising organizations.<\/p>

Globally, over 80% of respondents<\/a> experienced a cyber breach due to authentication vulnerabilities in 2023, and consequences could be detrimental.<\/p>

In 2023, the FBI received 7,333 complaints<\/a> about personal data breaches involving a leak or the abuse of personal data. The cumulative loss of these breaches reached over $109,000,000.<\/p>

There is no surprise that the importance of password security is widely recognized and can be seen, for example, among polled small and medium-sized businesses (SMEs) in the U.S., U.K., and France in JumpCloud\u2019s 2023 Flexibility and Ingenuity Survey<\/a>. The survey shows that 64% of SMEs use an organization-wide password management tool or software, and 10% plan to implement one this year. For those who don\u2019t use password management, cost is the biggest factor.<\/p><\/div>

When a security practice becomes an attack vector<\/h3><\/header>

But there\u2019s also another aspect to password security. Having a robust cybersecurity solution including multi-factor authentication (MFA) is great, but at the same time, it creates new challenges for both users and IT admins.<\/p>

The problem among users is that they can become so irritated by repeating MFA authentication requests that they lose their vigilance. And there are already cases of MFA fatigue attacks<\/a> proving that.<\/p>

At the beginning of an MFA fatigue attack or an MFA bombing, attackers need to obtain targets\u2019 credentials via phishing, brute force, password spraying, etc. Once the targets\u2019 credentials are stolen, attackers start to bombard them with 2FA push notifications in the hope that they will click on \u201caccept,\u201d and thus authorize the attackers\u2019 login attempts, at least once.<\/p>

On the other hand, IT admins, already struggling with portal and alert fatigue<\/a>, have gained new responsibilities related to MFA system administration, such as update or alert management.<\/p>

That is why, for example, the Canadian Centre for Cyber Security advises<\/a> balancing overall user experience and security protection to maximize security and minimize disruptions.<\/p>

Here are some other pieces of advice on improving user experience and reducing the burden on IT resources:<\/strong><\/p>