Are You Sure You Didn’t Authorize Someone You Shouldn’t Have?

MBraojos's picture

Fake identities posing as “trusted sources” and the lack of multi-factor authentication were exposed at the core of the recent swarm of malicious “Google Docs” phishing attacks across the world.  The attacks were effective because they looked like they were coming from someone you trust, asking you to do something – in this case, asking you to open a Google Document.

What was learned from the Google Docs phishing scam?  Verification of the authenticity of an online transaction, whether it’s accessing e-mail, an information database or even a bank account, continues to be vitally important.   

Google has taken remedial action for the Google Docs phishing attack, but the fact remains that third-party apps rely on this mechanism to make your life more convenient.  Let’s not forget security.

Multi-factor authentication has quickly become an important security measure to protect organizations by putting the power back into people’s hands to verify identities, protect their credentials from being stolen and misused, and be able to transact securely.

Experts agree that the future of cyber attacks involves tricking the user into granting permission to a third-party application – in other words, asking for privileges to access something of yours.  In this brave new world, multi-factor authentication will become as commonplace for organizations – financial institutions, government agencies, utility companies, healthcare institutions and companies in other regulated markets – as Google mail is today. 

Accessing e-mail with one factor (e.g., a password) is too susceptible to being faked in the digital realm.  Two-factor authentication will be needed because a second form of verifying the identity of the so-called “trusted source” may become the linchpin for protecting your organization from a digital disaster.  And the truth is that the cyber attacks of tomorrow are already upon us today.  Seriously, make sure you have multi-factor authentication turned on.

Multi-factor authentication was also highlighted in the retail store Target’s recent settlement in which it agreed to pay $18.5 million for the 2013 breach that affected 41 million consumers.  As part of the settlement, Target has agreed to do the following:

  • “Take steps to control network access, including password rotation policies and two-factor authentication.”

We at HID Global have watched how our customers have benefitted from multi-factor authentication.

For example, we have been monitoring how banks are using our new HID Approve mobile app to deliver two-factor authentication.  When someone asks for online permission to access an account or a corporate VPN, the person gets a notification on their phone about it.  They swipe a finger on the screen to approve or verify it, or swipe to the left to reject it.  Not only is it an easy user experience, it also verifies the trusted source.

Cyber attacks highlight how “trust” should be at the center of all conversations about securing people, places and things.  HID Global is talking about it.  Join the conversation at the following LinkedIn Group: Identity & Access Management Discussion Forum

For more information about multi-factor authentication, go to www.hidglobal.com/secure-transactions