Last year, stolen user credentials were used in four out of five data breaches.[1]
Amidst an ever-changing threat landscape, this statistic suggests a clear trend: attackers increasingly target individual users to gain fully-privileged, insider access. Security processes and controls can reduce the attack aperture, but user passwords still represent the weakest link in the security chain.
Two-factor authentication originally emerged as a solution over twenty years ago. It creates the best protection against stolen passwords; adding a layer of defense to the broad and vulnerable perimeter that the users represent. However, traditional two-factor solutions have been expensive, intrusive, and a challenge to deploy. These product shortcomings have led to a history of failed rollouts and a lingering reputation of two factor as cumbersome.
Today, a new breed of two-factor solutions has evolved that offer versatility, efficiency, and powerful developer resources. These key virtues have enabled broader adoption among modern, complex organizations and even consumer-oriented sites like Facebook, Twitter, Gmail and Evernote.
With billions of user accounts across varying demographics, it may come as a surprise that social networks are leading the implementation of modern authentication. The technology's acceptance by social networks reflects an understanding--and an appropriate response--to the insecurity of user logins. Its acceptance by consumers illustrates the dramatic improvements in two-factor usability.
Attackers focus on stealing passwords to gain access to valuable information. Enterprise organizations--in possession of the most sensitive data--can employ a strong perimeter by implementing modern two-factor authentication.
Join us for a webcast on strong authentication's evolution over the years, and its role in disrupting user-targeted attacks, featuring John Pescatore, SANS Director and Dug Song, Duo Security CEO and co-founder.