Your Reading List & recommendations

Identity security made simple

Jay McDonald, O2 Business Cyber Security Product & Propositions Manager presents some key security solutions that allows everyone to focus on doing their job, without putting themselves or their organization at risk of identity theft.

In an increasingly digital world, sometimes keeping it simple is the best way, and potentially the more secure approach.

Cifas, the UK’s leading fraud prevention service, has revealed that cases of identity fraud have increased by almost a third over the last five years.

In a world where identity security offers passwords, PINs, Two-Factor Authentication (2FA), Multi-Factor Authentication (MFA), Smartcards, mobile authenticators, SMS OTP, biometric recognition, and much more, it can be difficult to know which approach to follow. And this is a challenge that many of our customers face.

Adding one or many of the above solutions can be faced with criticism, since it requires additional steps, and therefore time, which can be seen as a hindrance to productivity and can therefore cause frustration.

But what if this security layer could be added without negatively impacting productivity? What if the method were so simple, that it only required inserting a USB key and clicking to confirm the action to authenticate the user? This would be a simple, yet extremely effective way of adding Multi-Factor Authentication to prevent account takeover breaches, without frustrating or slowing the user. And this solution already exists.

Google, in the early years, worked with vendor Yubico to solve their problem of account compromises with a 2FA/MFA solution that stopped 100% of the account take over breaches. Yubico created a USB hardware key called a Yubikey, and Google rolled out the keys, which they still use today, as I saw first-hand when walking through their offices in Sunnyvale US earlier this year (when traveling was still a thing). And they report zero account takeovers. Many other companies, including the likes of Facebook, Twitter and Cisco, have since adopted this technology. And Microsoft have now partnered up with Yubico to work on a password-less program together, recognising that cyber security and productivity are directly linked.

Multi-Factor Authentication is one of the most effective controls an organisation can implement in order to protect the business and mitigate against cyber incidents such as phishing, malware and account takeovers etc. MFA is defined as two or more of the following:

  • Something you know; A PIN, password or response to a challenge
  • Something you have; a physical token, smartcard or software certificate
  • Something you are; fingerprint or iris scan

Yubikey provides MFA security by combining something you have, i.e. a USB key, with something you know, i.e. the response to the challenge to click and authenticate the user. What started off as a way to prevent account takeovers as MFA for users logging into their account has now created additional use cases for the hardware device.

Linked to a user or employee, combined with identity vendors like Cisco Duo, Microsoft, Okta, Ping etc, the employer can grant secure privilege access to authenticated users by confirming with their key.

A Yubikey is a great way to confirm identity quickly and simply. This is especially relevant if you are an organisation that does not allow mobile phones into the workplace (such as a call centre or bank), or requires speed to authenticate (such as a Retail shop, or public sector organisation like the NHS, Ambulance, Police or Fire services), and therefore cannot use a mobile application like an authenticator.

With NFC and multiple connector options like USB-C, Lightning etc., this is a Swiss army knife MFA solution that is able to collapse other identity solutions. For the user, enabling quicker identity authentication means that coffees can be made quicker, shops can serve customers faster, health service professionals can access critical applications sooner, teachers can access content in shorter time, so they can spend more time with the students, council workers can log on to relevant systems quicker so they can focus on providing public services, and so on.

In summary, this simple security solutions means that everyone can focus on doing their job, without putting themselves or their organization at risk of identity theft.



All articles

Growth

Public sector

Safe & secure

Start-ups

Tech advice

Work smarter