Passwords are notoriously problem-filled as a security measure, with everything from rampant re-use across accounts to poor choices like “password1” plaguing their effectiveness at keeping out hackers. In an effort to move to a “post-password” world, new authentication approaches are being developed.
For instance, SecureAuth has launched SecureAuth IdP 8.0, an update of its access control solution that incorporates risk-based authentication to, in theory, detect and stop attackers before they breach an environment. It now includes four criteria to deliver live threat assessment including: IP address, IP reputation using threat intelligence powered by Norse Corporation’s DarkMatter network, group membership and geo-location/geo-velocity.
IdP authentication workflows can include all four of these criteria chained together, or a subset. At each point of inspection, there are four actions that can be taken: pass, challenge, redirect or fail.
“Enterprises are forced to find innovative and effective ways of authenticating user identities across a broad range of endpoints to a combination of organizations' own applications and third-party applications,” said Gregg Kreizman, research vice president for security and privacy at Gartner, in a recent report. “Contextual information, such as device security status, time-of-day, network address and geolocation can enrich user and device authentication methods, and access managers are beginning to leverage these to make improved adaptive access decisions. Analysis of identity-relevant contextual information, including user behavior patterns, provides input to web fraud detection and user authentication.”
The company said that one of the goals of the functionality is ease of use—safety measures won’t be adopted if they’re too onerous for end users. To that end, IdP offers multi-factor authentication workflows that can integrated with existing corporate resources and policies for cloud, mobile and desktop access.
“Major security breaches have stayed in the headlines in 2014,” said Pete Lindstrom, research director of security products at the IDC research and advisory firm, in a statement. “Even today we’re hearing about attackers stealing user credentials to disrupt businesses and governments for financial gain – it’s clear that password-based security is not enough. It’s imperative for organizations to incorporate more intelligent security measures at the point of user authentication to prevent intrusions, yet it is equally important to balance strong security with the frictionless experience that users demand.”
The solution includes a transformation engine that dynamically changes user attributes to meet custom mapping needs; two-factor authentication support for Windows desktops and servers; account provisioning and synchronization that eliminates the need to manually manage user data in multiple locations; and a visual configurator for the creation of IdP authentication workflows.
“SecureAuth IdP 8.0 equips organizations with a process to detect threats and prevent unauthorized access to corporate resources before a security breach occurs,” said Keith Graham, CTO at SecureAuth. “It seems as if daily there are news reports about yet another company being hacked, user credentials stolen, and personal data compromised. These on-going attacks mean organizations must step up their attempts to block attackers before they can do damage. SecureAuth is working hard to help our customers address their authentication challenges in this ever changing cyber-threat landscape.”