Credential Compromises: An Identity Management Crisis

Identity management compromises were the culprits in several recent high-profile cyber attacks. In fact, the Colonial Pipeline, SolarWinds, and Microsoft Exchange attacks all started with simple credential compromises. Beyond these high-profile attacks, it has been reported that 81% of data breaches start with identity and credential compromises.

MFA to the Rescue?

According to a Gartner report, many companies have invested a significant amount of time and money in multi-factor authentication to mitigate threats from credential compromises. However, there are significant disadvantages to MFA solutions.

First, MFA solutions add another level of friction to the user’s experience. Beyond the added friction, MFA solutions have several key limitations. To use mobile SMS code MFA, an employee must carry a mobile phone that is charged and within range of a cellular network whenever authentication might be necessary.

Some MFA solutions require a piece of hardware such as a security key, and that comes at a cost: the enterprise must pay for each physical token and allocate resources for the hardware’s maintenance. The smartphone and the security key can be lost or stolen. MFA solutions that leverage biometrics give the user a sense of enhanced security. The reality is, however, rather different… unless advanced biometrics are involved. Voice can be replicated, fingerprints can be copied, faces can be spoofed and iris scanners can be hacked.

Identity-First Solutions

To implement bulletproof identity management, enterprises should go beyond MFA and consider identity-first solutions. What exactly is an identity-first solution? In an identity-first solution, identity is at the center of security design. This means that all passwords, usernames, and one-time codes traditionally used in MFA solutions are replaced with advanced biometric authentication.

Before COVID-19, “identity as the new security perimeter” was seen as idealistic, not realistic. Now that the workforce has become increasingly remote during the pandemic, identity-first has become a reality, not just an ideal.

According to Gartner, while companies have invested a significant amount of both time and money in MFA solutions, they have invested very little in identity-first security measures that would have prevented most of the recent cyber attacks like SolarWinds.

The 1Kosmos PIP: Flexible and Fast Passwordless Authentication

The 1Kosmos PIP goes beyond traditional MFA and passwordless solutions to provide the industry’s first NIST 800-63-3 and FIDO2 certified digital identity solution. BlockID provides strong, verified identity-based authentication where needed and reduces the friction associated with filling out forms or remembering usernames and passwords.

Security teams are often faced with the challenge of balancing security and convenience for employees, all while addressing authentication needs that vary by department. With the PIP powered by 1Kosmos BlockID, a distributed digital identity platform, organizations can address various passwordless authentication needs across multiple departments in a matter of days.

The 1Kosmos PIP solution is not only a bulletproof identity management solution, but it is also low risk and low investment. It allows your enterprise to accelerate time to market as you explore incorporating passwordless into your environment. Also, the 1Kosmos PIP offers built-in integration with several top IAM solutions like Okta, Ping, and ForgeRock. This allows companies to leverage their existing investments with minimal effort.

Key advantages of the 1Kosmos PIP include:

  • Organic Adoption – A passwordless QR code is placed on the same login page as the conventional username and password to give users a choice of when to go passwordless. An example of this is our BlockID + Office 365 integration seen here:
    [Screenshot: a phone with a passwordless QR code and a computer screen with a Google log-in screen]
  • Reset Assurance – 1Kosmos includes a biometric reset feature, so forgotten passwords are no longer an issue. The user can reset using live biometrics, device biometrics, push, or a one-time password (OTP), rather than remembering various passwords for seldom-used services.
  • License Flexibility – As users see the value in going passwordless and the adoption increases, the PIP remains flexible. 1Kosmos has packaged the solution so enterprises can buy all the planning, integration and user licenses for the first year.

If you are currently using an MFA solution, your employees deserve a better, safer experience. Contact us today to learn how the 1Kosmos PIP can minimize employee friction while providing your enterprise with a higher level of identity assurance.