How Two Factor Authentication Defends Against User Targeted Attacks

  • Thursday, 21 Nov 2013 1:00PM EST (21 Nov 2013 18:00 UTC)
  • Speakers: John Pescatore, Dug Song

Last year, stolen user credentials were used in four out of five data breaches.[1]

Amidst an ever-changing threat landscape, this statistic suggests a clear trend: attackers increasingly target individual users to gain fully-privileged, insider access. Security processes and controls can reduce the attack aperture, but user passwords still represent the weakest link in the security chain.

Two-factor authentication originally emerged as a solution over twenty years ago. It creates the best protection against stolen passwords; adding a layer of defense to the broad and vulnerable perimeter that the users represent. However, traditional two-factor solutions have been expensive, intrusive, and a challenge to deploy. These product shortcomings have led to a history of failed rollouts and a lingering reputation of two factor as cumbersome.

Today, a new breed of two-factor solutions has evolved that offer versatility, efficiency, and powerful developer resources. These key virtues have enabled broader adoption among modern, complex organizations and even consumer-oriented sites like Facebook, Twitter, Gmail and Evernote.

With billions of user accounts across varying demographics, it may come as a surprise that social networks are leading the implementation of modern authentication. The technology's acceptance by social networks reflects an understanding--and an appropriate response--to the insecurity of user logins. Its acceptance by consumers illustrates the dramatic improvements in two-factor usability.

Attackers focus on stealing passwords to gain access to valuable information. Enterprise organizations--in possession of the most sensitive data--can employ a strong perimeter by implementing modern two-factor authentication.

Join us for a webcast on strong authentication's evolution over the years, and its role in disrupting user-targeted attacks, featuring John Pescatore, SANS Director and Dug Song, Duo Security CEO and co-founder.