Passwordless authentication solutions for remote working

During the last year, firms have embraced remote working. While the initial move was taken through necessity rather than design, nearly a year on, many are deciding that remote working is a good solution both from a business point of view and from the perspective of the wellbeing of their people.

Unfortunately, we have seen a significant rise in cyber-security issues over the past year and firms that have not already taken action to protect themselves remain vulnerable. For those firms, and for any who find password management challenging or overly time-consuming, passwordless authentication is a great fit.

The remote worker is more at risk from cyber-attack 

In a traditional office-based environment organisations rely on perimeter-based security such as firewalls and air-gaps to protect data and networks. Systems have been built, managed and tested over time and security effectiveness proven. Ongoing monitoring and regular maintenance ensure continued protection.

Accommodating a mass remote workforce at pace required speedy implementation of new IT capabilities. Setting these up might have required short-cutting the usual systems including those designed to maintain security. Bad actors were only too aware of this and the number of attacks rocketed in March and subsequent months. Security specialist McAfee Labs found the volume of malware threats averaged 419 threats per minute in the second quarter of 2020, up 12% on the previous quarter, while Sophos, focusing on ransomware, notes that this “continues to be a daily threat, made worse by IT admins scrambling to meet work-from-home security requirements.”

Supporting a workforce that’s working from home sets a whole new set of challenges for security teams. How do they monitor the security of a wi-fi connection? How do they ensure a laptop, tablet or mobile phone that might be shared among several family members has no back doors for malware to exploit? How can they check documents shared via personal email, consumer-grade software, web sites, apps and other downloads?

And how can they truly regulate password use? According to the UK’s National Cyber Security Centre 23.2 million, cyber-attack victims worldwide used 123456 as a password. Security firm SailPoint found that 44 percent of people in the UK had not changed their password within the last six months.

A great fit for remote workers

Passwordless authentication is not the solution to all of these problems, but it is the ideal way to ensure that logins are secure, protected and authorised, without requiring the end-user to invest time and effort on password management – which we have already seen so many are unwilling to do.

Passwordless authentication relies on biometrics (such as a fingerprint), or physical keys (such as a smartcard or USB Key). Two or more factors can be combined (such as a fingerprint plus a passcode). The passcode can be randomly generated and sent to a second device, such as a smartphone. The combination of multiple factors, including those which are unique to an individual and those which are randomly generated and have time-limited use, create a level of security that’s almost impossible to break, but which is applied very easily by the end-user.  

Once selected, a passwordless authentication solution is straightforward to implement, designed for remote management, and easy and fast for non-technical people to use multiple times a day. It is not expensive to implement and it is the ideal complement to cloud-based computing, to which many organisations have moved as a direct result of the need for a newly distributed workforce to have shared access to a working environment, applications and data.

Consider your options

At SecureDrives we have a range of options for passwordless authentication, both with biometric and non-biometric features.

Thin-C AUTH is a biometric security key that plugs into a USB port and combines fingerprint scanning with non-biometric data.

GateKeeper Halberd sits on a keyfob or is worn on a lanyard and combines two non-biometric factors. It relies on proximity to authenticate a user.

Some people may think that implementing a biometric solution like this is expensive, but in fact, there are affordable solutions for all businesses. Selecting the right device for your organisation may well be less about budgetary concerns, and more about deciding which device is most appropriate for your business. For example, a proximity-based solution might be the best choice for situations where computers are shared, such as in manufacturing, retail or healthcare.

Here at SecureDrives, we understand how important data security is to companies. We offer a range of multi-factor authentication security keys and secure drives to ensure your data remains safe, and we are happy to advise on the right solution for any particular situation. With the latest technology and high-grade security, you can rest assured your sensitive information is safe from cybercriminals.

Speak to us today to find out more about how we can help keep your data safe and secure from hackers.