Passwords are hacked with ease, and MFAs are not the answer. Isn’t it time the biggest companies protect their clients and workforce with an identity-based perimeter?
What’s been your highlight this year? Mine was unusual: sitting in a dingy AirBnB in South London with a crack team of hackers. We ran the project as part of a white paper assessing the safety of challenger banks with our partners at WeFightFraud (you can read the alarming results here) led by the charming, cheeky and utterly terrifying Tony Sales.
While the surroundings (and the cold sausage rolls) weren’t exactly memorable, the lesson they taught me was. Because that was the day I saw Multi-Factor Authentication (MFA) completely collapse.
Hypr estimates that between 80-90% of MFA applications is hopelessly easy to breach. All those times you received a text to verify your login to Office 365 or confirmed your email on the very same device used to set up a new account; all pointless. Hackers use some sophisticated (and not-so-sophisticated) methods to bypass MFA so that it’s barely more secure than using a simple password. (And let’s face it, we’re one of the 64% of people that use the same or similar password for everything.)
Attacks include phishing, SMS OTP (those texts purporting to come from Amazon), even social engineering – where the hacker simply calls up the IT help desk and engineers the call centre staff to give up the passwords or reset them to a new mobile number – and MitM (Man in the Middle) can all yield results. And then there’s ‘MFA Fatigue’ – which involves spamming victims with authentication prompts until they grant the attacker access accidentally or out of frustration – perceiving it as a legitimate login attempt or a bug. It is a type of brute force approach to bypassing MFA that takes advantage of how approving MFA requests has become so routine that employees assume the prompts in their authenticator apps are always valid.
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
The global MFA and cloud computing markets are projected to grow by nearly 15.6% and 17.9% by 2027 and 2028 respectively.1,2 Password manager LastPass reported that 95% of organisations in 2021 used software-based authenticators for MFA rather than physical tokens or biometrics.
But given the higher risks of attacks – and the enormous costs in dealing with data breaches and lost business – companies need to look for alternative solutions in 2023.
Several high-profile organisations, including Cisco Talos, Microsoft, and Uber, have been breached by threat actors who have utilised this technique. Whilst MFA plays a significant part in strengthening an organisation’s cybersecurity posture, it is not a ‘silver bullet’.
As a temporary workaround for MFA fatigue, it is likely that organisations will increasingly disable push notifications of “approve sign-in” requests and seek to ensure that number matching and location-based verification is used to gain access to accounts instead.
But nothing matches the security of passwordless ID verification tools. APLYiD specialises in biometrics than can confirm a user’s identity against government and credit bureau records including PEP and sanctions checks in under 90 seconds. By including its API in your company’s authentication and login process that time can be cut even shorter and be a simple, safe and totally secure way of restricting access to your workforce. APLYiD has reduced cybercrime to the tune of over $2 billion dollars in New Zealand alone, and proven over 98% effective in cutting identity theft and data breaches.
Placing an identity ‘perimeter’ around your most valuable data, and unhackable biometric protocols in place to prevent unauthorised access, is the soundest way of futureproofing your business.
And the benefits for your workforce are much greater. No more MFA Fatigue or phishing emails gaining access to your systems. No more social engineering attempts via your IT departments. Just simple access that allows your teams to work virtually, anywhere in the world, with total security.
If we see worldwide adoption of biometric ID perimeters in 2023, then my highlight for the year will be very different. Personally, I’d love to sit in an ugly AirBnB and listen to hackers swearing when they realise they can’t break into the world’s biggest companies.
I’ll probably bring my own sausage rolls this time.
If you are a Lawyer, Real Estate Agent, or an Accountant in Australia, you may be wondering what exactly this ‘Tranche 2’ stuff will mean for you in practical terms.
Read morePress Release: APLYiD Partners with HES Fintech to Enhance Digital Identity Verification Solutions
Read moreIt's not hard to scam an agency, and HMRC is on the hunt for AML negligence with £5k fines. Yikes. But there is an easy way to fix this...
Read moreAs Valentine's Day approaches, love is undoubtedly in the air, but unfortunately, so is the risk of identity theft within the online dating sphere.
Read moreAs we kick off the new year, APLYiD, a leading identity verification company, is navigating through changes in the regulatory landscape.
Read moreIn today's fast-changing world of digital security, biometric verification has become a crucial way to authenticate identities.
Read moreWhat is Enhanced Due Diligence and why is it so important?
Read moreAt APLYiD our mission is to end identity fraud and digital crime – that’s why we’ve made the best biometric identity verification software on the planet. But as our technology gets more sophisticated...
Read moreThe cost of living crisis, competitive landscape and ongoing war in Ukraine are causing major headaches for the legal industry
Read moreAt APLYiD our mission is to end identity fraud and digital crime – that’s why we’ve made the best biometric identity verification software on the planet. But as our technology gets more sophisticated...
Read moreThe new 2023 plate change will come in a volatile, ultra-competitive market. Here’s how to win over those harder-to-reach customers
Read moreThere are some tiny, fragile signs that the UK Property market is recovering
Read moreThe accounting industry is in crisis – but with one simple software tweak it could become a fun, rewarding job once more
Read moreAs interest rates continue to rise, so too do abandonment rates. By creating a better customer experience, you can cut those rates while protecting your business from fraud
Read moreThe FCA reports that the UK’s top challenger banks still don’t do enough to eliminate identity theft and cyber fraud – but there’s nothing but silence from the companies that are supposed to be protecting them.
Read moreWatch and learn with our pick of the 14 best YouTube channels to follow if you’re serious about cyber security
Read morePasswords are hacked with ease, and MFAs are not the answer. Isn’t it time the biggest companies protect their clients and workforce with an identity-based perimeter?
Read moreNew to KYC? Here’s your at-a-glance guide to the ins and outs of Knowing Your Customer.
Read moreThe entire accounting industry is changing. For some that means new opportunities for growth and diversification; but for others the change can be traumatic.
Read moreWherever you look the experts are predicting an annus horribilis for Estate Agents next year. But we’ve unearthed some ways you can beat the property market slump and thrive next year
Read moreThe next year is going to be a tough one, with fewer car registrations than ever. Follow our tips to make the most of every customer and drive ahead of the competition.
Read moreSo much of the world is under threat from scammers, bad actors – and governments that give them shelter. But we can defeat the bad guys if the good guys band together.
Read moreConventional wisdom predicts that legal firms do well in a recession. But that’s not always the case – unless you follow our top five tips for 2023
Read moreOur complex world and its resultant threats to businesses mean General Counsel and legal firms are getting less sleep than ever. But there’s more to it than just risk: finding the right balance can give in-house
Read moreSome predict a bumper year for consumer finance; other suggest the industry will suffer. Either way recessions can wreak havoc – but here are some ways you can navigate the choppy waters ahead.
Read moreThe safest, fastest and most trustworthy onboarding process to verify your customer’s identity.
Read moreDigital-first banks attract customers with no-fee accounts and simple, seamless setups. But their appeal to fraudsters means the more seamless they get, the more dangerous they become.
Read moreThere are many reasons why elite sports stars can end up poor and homeless. Drug habits, concussions, bad investments, you name it. But Cindy Brown is different.
Read moreThe myth persists that identity theft is a relatively harmless, victimless crime aimed mostly at the elderly and vulnerable… but the data doesn’t agree.
Read moreThe best customer onboarding experience… and the best defence against digital fraud.
Read moreWell, 2022 was a bit of a hellscape, wasn’t it? Recessions, political merry-go-rounds, Royal dramas, problematic world cups, and the ever-present ghost at the feast that is Brexit have all left their mark on the
Read moreKYC is an important part of protecting yourself – and your customers – from fraud, regulatory breaches and bad actors. Luckily APLYiD makes KYC compliance quick, seamless and effective.
Read moreImagine returning from a well-earned holiday and putting your key in your front door only to find the locks have been changed…. then a stranger opens the door and asks who you are.
Read more