Mobile Authentication: The Good, The Bad & The Ugly

Uploaded on 2023-06-19 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cybercriminals are continuously looking for innovative new attack methods and, currently, 31 percent of UK businesses face a cyber attack at least once a week. It is therefore essential that business leaders keep up to date with the latest cyber threat trends and ensure they are considering how adversaries could be gaining access to sensitive data due to ineffective authentication methods and poor cyber hygiene practices.

When it comes to gaining access to devices and workspaces, many companies have moved past relying on simple username and password combinations and have turned to mobile-based authentication as an extra layer of protection. However, while mobile devices may be convenient to use and can offer users a sense of security, this form of authentication isn’t as secure as it may seem.

Mobile Authentication Is Not As Convenient Nor Secure As Many Believe

Mobile devices have many uses and benefits; however, they can also be easily lost, stolen, or broken. This opens organisations up to numerous cybersecurity risks and makes them much less convenient to use for signing into important accounts.

Secondly, mobile devices offer limited use as authentication methods in locations with reduced mobile coverage or security restrictions. In these cases, users who need to authenticate via mobile devices are left unable to retrieve their private information. Low battery power can also interfere with mobile authentication, especially in situations when users cannot wait for their device to sufficiently charge.

Contrary to popular opinion, even in the right conditions, mobile devices are not the most secure form of digital authentication. As revealed in Yubico's State of Global Enterprise Authentication Survey, UK respondents believed passwords (23 percent), push authenticator apps or mobile one-time passcodes (OTPs) (23 percent), and mobile SMS-based authentication (20 percent) to be the most secure forms of digital authentication. However, these conventional methods have proven to be susceptible to a variety of common cyber attacks.

Although some form of cyber security is always better than having none whatsoever, passwords and mobile-based authentication – such as digital authentication apps, OTPs, and SMS verification – are not effective enough to mitigate increasingly advanced attacks.

Man-in-the-middle (MitM) attacks, phishing, SIM swapping, password spraying, and ransomware can all bypass traditional authentication methods and lead to data breaches, imposing devastating consequences on targeted organisations, their employees, and customers.

The Benefits Of Alternative Authentication Methods

For UK businesses looking for alternative methods, it is important to be aware that some forms of multi-factor authentication (MFA) and two-factor authentication (2FA) are more robust than others. For example, stronger methods require users to authenticate with either a hardware security key or identity credential that is unique to the individual user such as a fingerprint. With the help of FIDO protocols - globally recognised standards of public key cryptography techniques delivering stronger authentication - methods like these provide users with a seamless and more secure experience when accessing their digital accounts by removing the need for passwords or mobile devices.

These methods also offer robust authentication across multiple devices and accounts, reducing the number of times a user needs to sign in. However, most importantly, implementing business-wide passwordless solutions helps to bolster an organisation’s security posture and significantly reduces the risk of emerging attacks.

Better Cyber Hygiene & Business-Wide Training

Even the most robust digital authentication solutions must be paired with good cyber hygiene practices, reinforced with regular cyber training. According to our survey, just 42 percent of UK participants claim they are required to attend frequent cybersecurity training – suggesting that most organisations aren’t adequately enforcing up-to-date business-wide cyber training.

Findings also show that over the previous 12 months, UK respondents confessed to not reporting a phishing attempt (31 percent), allowing their work-issued device to be used by someone else (33 percent), using a work-issued device for personal use (49 percent), using a personal device for work (58 percent), and having an account reset due to lost or forgotten credentials (58 percent).

The combination of weak authentication methods and poor digital habits like these make organisations especially vulnerable to cyber attacks which can directly target their customers, employees, and third-party partners too.

It’s important to enforce better cyber hygiene practices on a regular basis to protect organisations fully and effectively from emerging threats.

Moving Away From Mobiles & Towards Passwordless Authentication

Mobile-based authentication, OTPs, and passwords are some of the most widely used authentication methods but are not the most secure. It is up to organisations to upgrade their digital security by implementing phishing-resistant passwordless solutions which are more effective and user-friendly than conventional authentication methods.

Employees can be the biggest strength or weak link in an organisation’s cybersecurity, so providing robust authentication and best-practice training should be a top priority. In doing so, UK-based organisations can reap the long-term benefits of improved data security and ensure their business continuity.

Mark Bell is Channel Manager at Yubico

You Might Also Read:

Cyber Security Issues For The Mobile Industry:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Five Biggest Dangers Of AI For The Upcoming Years
Penetration Testing Is A Vital Tool To Deal With AI-Based Attacks  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Zertificon Solutions

Zertificon Solutions

Zertificon is a leader in professional email encryption and data security.

Cyacomb

Cyacomb

Cyacomb (formerly Cyan Forensics) provides digital forensics software to help police forces find evidence on computers many times faster than before.

Zecurion

Zecurion

Zecurion data loss prevention (DLP) solution is an easy-to-use solution for securing confidential data at rest and in motion.

Tigera

Tigera

Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Berkeley Varitronic Systems (BVS)

Berkeley Varitronic Systems (BVS)

Berkeley Varitronics Systems is an engineering think tank delivering custom wireless RF engineering products and solutions including cyber security.

CentricalCyber

CentricalCyber

CentricalCyber is a cyber risk consultancy and NIST CSF specialist set up to help business leaders better understand and manage cyber risk.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

Searchlight Cyber

Searchlight Cyber

Searchlight Cyber is a leading darknet intelligence company. Working with law enforcement, industry, and end users to help protect society against the threats of the darknet.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

Avanade

Avanade

Avanade is a leading provider of innovative digital, cloud and advisory services, industry solutions and design-led experiences across the Microsoft ecosystem.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

LeakSignal

LeakSignal

At LeakSignal, we transform the way you monitor and protect your data. We provide unparalleled visibility and control over your sensitive data flows.