Fortifying Security: FIDO's Crucial Role in an MFA Strategy

BlogHeroImage

As the Chief Information Security Officer at Veritas, I've had a front-row seat observing the escalating tide of cybercrime. And especially the disturbing trend of stolen credentials. I want to share why strengthening multi-factor authentication (MFA) with FIDO—fast identity online—is one of the best ways to fortify authentication.

 

Rising Attacks on Multi-Factor Authentication

Credential theft is not a new tactic, but we've observed a significant increase over the past few months. Cybercriminals are not only stealing credentials but using sophisticated methods to bypass MFA mechanisms. This has led to an alarming rise in unauthorized access and hijacked sessions.

Many of my peers have expressed similar concerns, pointing out a steep rise in MFA-bypass attempts and widespread credential harvesting campaigns. Leading cybersecurity firm, CrowdStrike, substantiates these observations, illuminating four key trends:

 

  • A shift from malware usage to the exploitation of legitimate credentials
  • Rapid exploitation of publicly disclosed vulnerabilities by adversaries
  • A surge in social engineering attacks specifically aimed at overcoming MFA defenses
  • MFA and notification fatigue leading to MFA bypass

 

The Cruciality of MFA: Enhancing Security with FIDO

MFA generally secures an environment by requiring a second method to verify identity. It could be on a physical object like a key or smart card or with biometric verification such as fingerprint, retina scan, or voice recognition. 

During the recent RSA conference, Kevin Mandia, CEO of cybersecurity firm Mandiant, couldn't have put it better. He said, "The biggest bang for your buck against ransomware, or against any impactful attack is multi-factor authentication. Period."

But it's no longer enough to merely implement MFA. The type of MFA you use matters, as not all offer the same level of protection. Cybercriminals are finding new and innovative ways to bypass MFA. 

Cybercrime websites now sell MFA phishing kits, with many priced “less than a cup of coffee,” according to Matt Cooke, director cybersecurity strategy, EMEA at Proofpoint. “Attackers often rely on notification fatigue, bombarding an employee with approval requests until they finally relent.” They’re also leveraging proxy attacks, session hijacking, social engineering, and SIM swapping. 

 

Benefits of FIDO

You can strengthen security, reduce reliance on passwords, and provide a user-friendly authentication experience by incorporating FIDO into an MFA strategy. FIDO's support for biometrics, hardware tokens, and mobile devices—along with interoperability and continuous-authentication—make it a robust framework for implementing secure MFA solutions. Specifically:

  • Strong security: FIDO provides strong security by leveraging public-key cryptography. It securely stores private keys on user devices and performs authentication locally, reducing the risk of password breaches and server-based attacks. By eliminating reliance on passwords and introducing cryptographic authentication, FIDO enhances the overall security posture of the MFA strategy.

  • Passwordless authentication: FIDO aims to eliminate passwords, which are often vulnerable to attacks. Passwordless authentication enhances security by eliminating issues such as weak passwords, password reuse, and phishing attacks. Instead, FIDO utilizes stronger factors like biometrics or hardware tokens, reducing the likelihood of successful credential-based attacks.

  • User convenience: FIDO offers a convenient, user-friendly authentication experience. Users can leverage biometrics or physical devices they already have, such as smartphones or hardware tokens, for authentication. This eliminates the need to remember and enter complex passwords, resulting in a streamlined and frictionless authentication process.

  • Interoperability: FIDO standards promote interoperability between different platforms, devices, and services. This means that you can use FIDO-enabled authentication methods across various online services, providing a consistent user experience. This interoperability enables users to authenticate using the same devices or methods across different applications, reducing the need for multiple authentication mechanisms.

  • Phishing resistance: FIDO's local authentication model helps combat phishing attacks. Since FIDO-based authentication occurs locally on the user's device, it is resistant to attempts to trick users into entering their credentials on malicious websites or applications. FIDO ensures verification of authentication on the user's trusted device, reducing the risk of successful phishing attacks.

  • Scalability and futureproofing: FIDO is designed to be scalable and adaptable to evolving authentication needs. It supports a wide range of authentication methods and can accommodate future advancements in biometrics and security technologies. By adopting FIDO, you can future-proof MFA strategies and ensure compatibility with emerging authentication standards.

 

What’s Next?

As attacks on authentication continue to increase in frequency and sophistication, it becomes crucial to fortify your defenses against authentication attacks. Overall, FIDO brings significant advantages to an MFA strategy. These benefits make it a compelling choice for organizations looking to enhance security while supplying a seamless and user-friendly authentication experience.

At Veritas, we're committed to bolstering our cybersecurity defenses and helping you do the same. We support FIDO through our own products such as NetBackup and Backup Exec, and through integrations with other solutions, such as CyberArk. If you're looking to strengthen your security posture and implement robust solutions, we're here to help make it happen. Let's work together to secure our digital ecosystems against the growing trend of credential theft.

Remember, any MFA is better than no MFA. But strive for the best: phishing-resistant MFA. Don't wait; start planning for stronger security measures today.

Learn more about Veritas cyber-resiliency solutions.

blogAuthorImage
Christos Tulumba
Chief Information Security Officer