Intercede use the ‘authentication pyramid’ to describe the various levels of security that differing authentication mechanisms provide, with PKI and FIDO at the top of the pyramid as the most secure due to their combination of private/public key cryptography, secure hardware, and multiple factors to identify the user.

While PKI and FIDO remain the gold standard of authentication and are widely used within security-sensitive customers such as government and defense, they are often too complex to deploy for organisations requiring a simpler, yet sufficiently secure means of protecting access to their systems and information.

The Authlogics MFA (Multi-Factor Authentication) product and associated System Agents enable Intercede to address the needs of those customers who require a range of strong authentication options that are simpler to deploy than PKI or FIDO, including hardware-based one-time passwords (OTP) using YubiKey devices, a mobile phone app and email/SMS of one-time password codes.

Many organisations are part way through their journey to strong authentication and still have a number of systems where a password is the sole, or one of, the authentication factors in use.  In these circumstances, it is vital that companies do what they can to ensure that any passwords in use follow a secure password policy and are not known to be compromised. The Authlogics Password Security Management solution comprises a password breach database, audit tool, and policy engine that allows organisations to ensure their passwords are as secure as they can be.

This extended product portfolio is available to existing and new customers as stand-alone products, enabling Intercede to address the needs of a wider market. They will also be combined into an integrated product suite enabling Intercede to offer a flexible authentication solution covering the whole range of authentication methods managed from a unified console.

This integrated offering is valuable to larger customers who currently manage multiple authentication technologies as separate deployments. It is also a vital tool for those who need to comply with US government standard FIPS 201-3 and associated special publication SP 800 63-B guidelines on matching appropriate levels of authentication to the sensitivity of the data and services being protected.

This acquisition, and Intercede’s continued focus on strong authentication and digital identities, strengthen Intercede’s position as the market leader in secure credential management and enable Intercede to deliver a comprehensive range of authentication options to a wider range of customers.

The latest version of Authlogics Password Security Management 4.1 provides complete visibility of an organisation’s password breach status. A new dashboard displays graphs, alerts, and reports regarding the historic and current passwords breach status of each user in the organisation (up to every four hours). CEO of Authlogics, Steven Hope, states, “Within days of using the system you will see your organisation’s exposure to data breaches from compromised passwords falling and in turn strengthening the security of the organisation and its assets, as well as lowering exposure to regulatory risk and helpdesk costs.”

The scale of the breached password problem is highlighted in the 2022 ForgeRock Consumer Identity Breach Report, which suggests two billion data records containing usernames and passwords were compromised in 2021, representing a 35% increase from 2020. Meanwhile, last month IBM highlighted the rising cost of a data breach from an average of $3.86 million to $4.24 million.

Authlogics Password Security Management 4.1 is an end-to-end auditing, real-time protection, remediation, and reporting solution. It provides protection against breached and shared passwords, and mitigates common identity-based attacks such as phishing and keylogging, whilst removing the burden of password resetting from users and helpdesks. It is powered by the Authlogics Password Breach Database which contains records of more than 4.6 billion previously compromised credentials.

Hope adds: “I am rarely one to quote a politician, however, when the former UK government minister, Sajid Javid, said in his final speech to the House of Commons last month, ‘Not doing something is an active decision’ it really resonated.” Hope continues: “As technology vendors, we must look for new ways to remove the factors that inhibit organisations from taking the right course of action. In the case of security systems cost, or to be more precise, the ability to demonstrate a clear return on investment is often the reason for choosing not to act.”

The money-back-guarantee is offered to any organisation that deploys Authlogics Password Security Management 4.1. Hope concludes, “This unprecedented offer, combined with our scaled pricing makes the decision to do nothing hard to justify for any organisation of any size. It is our aim to make secure authentication accessible and affordable for all.”

Authlogics PSM 4.1 is an end-to-end auditing, real-time protection, remediation and reporting solution. It provides protection against breached and shared passwords, mitigates common identity-based attacks such as phishing and keylogging, whilst removing the burden of password resetting from users and helpdesks. The solution goes beyond NIST SP 800-63B password policy guidance, validating password changes in real-time as well as retrospectively.

CEO of Authlogics, Steven Hope, comments, “It is often the case that hackers on the hunt for their next target will know far more about the password breach status of an organisation than the security teams protecting it. What is more, they are typically able to move faster to exploit the vulnerabilities of compromised user accounts and passwords.”

Authlogics PSM is powered by the Authlogics Password Breach Database which contains records of more than 4.5 billion previously compromised credentials. Version 4.1 adds a new dashboard that provides graphs, alerts and reports (up to every four hours) regarding the historic and current passwords breach status of the organisation.

Hope explains, “A lot of money is wasted on annual penetration testing, but these reports do nothing to help with a situation that can change daily. The password and broader authentication challenge cannot be solved using a single point in time snapshot. It requires proactive monitoring, reporting and the right tools to make the necessary changes.” He concludes: “With the release of Authlogics PSM 4.1 we are making the authentication status of an organisation visible and enabling security teams to prove how the system is closing doors to the bad guys.”

Have you ever shared your Netflix password? If so, you are not alone. But have you stopped to think about the impact it is having? Earlier this week, it was revealed that the streaming service has lost in the region of 200,000 of its 221 million global subscribers, with millions more expected to depart in the coming months. The resulting fall in the Netflix share price (at one point 35%) was a shock for many investors, but with many of us ‘boxsetted out’ by the pandemic, and a cost-of-living crisis looming for many, what can the company do to stem the tide?

It seems one of the big bugbears for Netflix is the habit of sharing account passwords and a survey conducted by time2play in the US, indicates just how widespread it has become. In fact, more than 50% of residents in 17 states including California, Illinois, Ohio, Texas, and Wisconsin, admitted to using another person’s Netflix account.

Some may argue that it is an innocent and victimless crime rather than theft. After all, Netflix’s revenue in 2020 was $24.9 billion, more than doubling since 2017, a trend not currently looking likely to continue. So, what harm does sharing a password with family and friends really do? Sure, the company may miss a ‘few’ dollars, Euros, pounds, and so on, but would those benefitting ever actually become a customer? I suspect for many the answer is no.

Speaking as someone that has spent over a decade campaigning for businesses and people in general to practice safe passwords, the Netflix situation highlights to me how little value is placed on the password, yet how costly they are. This is especially true if there is no perceived risk to the person who owns that credential. You only need to look at the lists of the top four passwords – “123456”, “123456789”, “Qwerty” and of course “Password” – to see how much effort goes into devising something un-hackable!

Poor password practice is of course not isolated to streaming services, it is commonplace in a busy workplace. How often have you said or been asked ‘Can I borrow your login details as mine are not working?’. To make matters worse, with so many people still working from home, usernames and passwords are copied and pasted into emails, SMS, and chats with little thought of the consequences.

So, when Netflix warned that prices would need to rise if the rules continued to be broken, I was struck by how they were able to communicate to the global masses in a matter of days, the link between password abuse and financial ramification, in a way that as security professionals we could never do. However, this may have the opposite effect as inflation is everywhere right now, and I suspect more subscribers may balk at an increase, cancel and switch to using illegal logins instead to cut their household costs.

The reality is that the likes of Netflix will struggle to move to a different authentication mode other than passwords for practical reasons. Would you use a streaming service that requires you to authenticate each time they want to watch, using a One Time Password, PIN, or Code for example? I think not.

While the suggestions of advertising revenue may seem to plug some of the Netflix revenue gaps, they ought to tread carefully. Paying customers don’t want to see ads, and some cost-conscious paying customers may well downgrade and accept ads to save money. However, I would urge Netflix to take a close look at technologies available that could protect its content from exploitation and piracy, without compromising the user experience of those who pay for it.

Whatever Netflix decides to do, it needs to do it quickly. The more all of us feel the squeeze on our finances the more likely we are to cancel such services or be willing to participate in the illicit sharing of passwords.  But I would also urge any organisation that uses password-based logins to look at what is happening to Netflix and ask just how much is going on in your business?

If you liked the video, please like, share, and comment below.

Follow us on social media:
✓ Linkedin – https://www.linkedin.com/company/74044193/
✓ Twitter – https://twitter.com/secreviewmag/
✓ Facebook – https://www.facebook.com/secreviewmag
✓ Website – https://securityreviewmag.com/

For more videos, please subscribe to our channel. Also, hit the bell icon to join our Notification Squad!

Speaking about the new partnership, Kamber Devjianie, the Global Head of Sales at Authlogics, said, “Shifra will focus on the overall portfolio of Authlogics. Their engineers are especially excited to be the flagbearers of our Password Security Management and Passwordless Authentication solution. They will cover all of the middle-east for us and will start with UAE, Saudi, Kuwait, and Iraq where they have a strong foothold.”

Devjianie further added, “Shifra is a rare breed amongst Value Added Distributors which focuses on bringing niche technologies to the middle eastern market and making it really successful. We are truly excited to be partnering with them and will support them in every way we can to make Authlogics a great success in their region.”

A majority of data breaches are still a result of weak, stolen, or unused passwords. The adaption of cloud technologies and mobile enterprises has increased the risk associated with using traditional authentication techniques. “Authlogics have built an innovative suite of solutions that provide strong multi-factor authentication, passwordless authentication, and single sign-on solutions that are simple to deploy and use,” said Mohammad Ismail, the VP of Sales and Marketing at Shifra. “Authlogics fits well within our Identity centric solutions and we look forward to building a long-lasting partnership for the ME region. Shifra will provide extended support to Authlogics customers and partners with an on-ground team of qualified cyber security specialists.”

Authlogics also announced that it intends to work closely with Shifra to develop its channel community in the region. “We are already looking to invest in a number of resources to work with them in the region to support business development as well as marketing and technical support,” explained Devjianie. “We are heavily focused on our Passwordless and Password Security Management solution as the region is already warmed up for the uptake of a more convenient way of authentication. We have already made a very good presence in the region in the past couple of years and hope nothing but the best from working with Shifra.”

How was 2021 for the industry and your company?
While other industries have struggled as the COVID-19 pandemic continued throughout 2021, the Cybersecurity industry has been in high demand as businesses have recognised how online activity has increased from both an employee and consumer perspective. With the adoption of versatile hybrid working environments, stronger security measures have been implemented to protect organisations vulnerabilities. Authlogics have played a major role in ensuring companies are better prepared and more educated about the risks of data breaches by protecting IT infrastructures from the point of a secure login and the implementation of multi-factor authentication.

What sort of opportunities did 2021 bring along?
Being able to travel again was greatly welcomed by our team, giving us the opportunity to meet with customers and partners at the GITEX Technology Week in Dubai, and acquaint ourselves with new clients in Istanbul. We have also strengthened our distributors and resellers portfolio across the globe from Italy to Germany as well as the recent partnership with Shifra in the UAE. We value our trusted partners’ network and have lots to offer them in 2022 including a new Partner Portal.

Did you face any challenges in 2021?
People’s bad habits are hard to change as they continue to practice poor password techniques across work and personal accounts. This has increased the volume of breached passwords within our Password Breach Database which is now holding well over 4 billion compromised credentials. Authlogics have given companies the ability to identify risks, receive expert advice, and remediate affected accounts across their networks with the use of advanced threat intelligence that our Password Security Management solution offers.

We have received a lot of interest and inquiries from the public sector due to the rise of ransomware and phishing attacks which have predominantly targeted areas like healthcare, government, and utility. These forms of attack have heightened the need for organisations to protect their data sources as proven by the damaging Colonial Pipeline attack this year which stemmed back to one dormant service account with one breached password.

What were your key achievements in 2021?
Our Password Security Management solution provided a wide range of new features that incorporated a dynamic Password Expiry Meter, real-time password policy compliance feedback, and daily audit reports that now allow organisations to identify and fix breached passwords across all accounts including service and dormant ones.
For Authlogics as a team, we have grown in size, got ourselves a brand new HQ, and were even awarded as an IT frontrunner at the Global Awards where overall 6000 businesses entered from 178 countries.

What promises does 2022 bring along?
Passwords will still dominate as the primary login method, at work, and at home. Unfortunately, legacy password policies and bad personal practices will most certainly continue meaning the business enablement to digitally secure risk management frameworks will become a top priority. There will be many more very public breaches, ransomware, and phishing attacks, many of which could have been avoided.

Do you see opportunities in the regional markets with new markets opening up?
Africa and Asia are becoming more proactive and cyber-aligned with the rest of the world, so we hope to infiltrate these markets and offer our services throughout. This follows on from the expanding opportunities we have been seeing recently in the middle east.

According to you, which technologies will be in demand in 2022?
Passwordless authentication will be sought after as people have more flexible work arrangements and the demand for Multi-Factor Authentication will become the norm across accounts, moving away from SMS-based methods and hardware tokens towards biometrics and AI technologies. The demand for secure and trusted apps will become more apparent.

What will be your key focus areas for 2022?
We continue to encourage companies to migrate towards a passwordless environment that is safe and secure as well as cost-effective. Companies can greatly benefit from removing the password by reducing their helpdesk costs, saving time, increasing employee productivity by simplifying the end-user login process. A heavier focus will be placed on our Mobile Push solution to include geo-location technology, as well as reporting dashboards to give CISO’s a graphical window into what their authentication posture truly looks like.

What milestones have you set for 2022?
In order to fuel our aggressive growth plan, we are seeking an investment round in 2022. This will enable us to expand our geographic presence as well as bring newer technologies to market.

What would you like to do differently in 2022, when compared with 2021?
We look forward to meeting more customers and partners face to face, as well as seeing our colleagues in person instead of only on video calls.

Do you plan to enter new markets or add new products/applications to your portfolio in 2022?
Having become well established within the MEA, we are keen to target the US market with key benefits and new features including the latest Mobile Push authentication technology. Authlogics will also give focus to consumer brands, offering them the ability to detect and prevent user fraud within their organisations with the assistance of our advanced intelligence-based Password Breach Database technology.

Despite the possibility of supply chain catastrophes, vaccine vulnerabilities, and cryptocurrency corruption around the globe in 2022, there will be wedding bells and new arrivals to celebrate amongst the Authlogics team, we look forward to embracing 2022. Passwordless is the future, and we will continue to move businesses towards simplified and secure authentication methods to achieve this.

If you liked the video, please like, share, and comment below.

More information: https://authlogics.com/

If you liked the video, please like, share, and comment below.

More information: https://authlogics.com/

If you liked the video, please like, share, and comment below.

Follow us on social media:
✓ Linkedin – https://www.linkedin.com/company/74044193/
✓ Twitter – https://twitter.com/secreviewmag
✓ Facebook – https://facebook.com/secreviewmag​
✓ Website – https://securityreviewmag.com/​

More information: https://authlogics.com/

For more videos, please subscribe to our channel. Also, hit the bell icon to join our Notification Squad!