Cybersecurity is top of mind for IT users. Among all the participants in the authentication chain – networks, applications, servers, endpoints, and users – users seem to be the weakest link, having caused account takeovers, which cost organizations millions of dollars. Businesses spend on the helpdesk, password resets, password managers, MFA, and IdP/IAM to mitigate cyberattacks and ease the user’s burden.
Let’s analyze the “user’s burden” regarding cybersecurity. Everything users do online, and thus any activity where users engage with cybersecurity, goes through the endpoint. (The user uses the endpoint to traverse the online world like a driver uses a car to travel the roads.) For our purposes, users conduct just two types of logins: 1) to the endpoint and 2) to everything else. This observation leads to a big question: What if we let the endpoint take care of “logging in to everything else”? Would it ease users’ burden, big time? And is the endpoint capable of doing that?
In the online world, everything is data. Even if you see something on a webcam, the image is, in reality, data that can be manipulated, for example, while traversing the network. And so, all that users can offer regarding authentication – the famous MFA, “what you know, have and are” – is not suitable online. The technology that best brings trust into data is cryptography. At this stage – and probably well into the future – state-of-the-art authentication protocols like FIDO use public key cryptography! Something the endpoint can perfectly do – and users cannot. So yes, the endpoint can do this perfectly!
There is, perhaps, another concern. Who can verify that the right user is using the endpoint? The issue is not that the services are provided to the authorized endpoint, but that the endpoint is used by the wrong user. The answer is more obvious than you might think.
What is in the best position to verify the user? What has been doing this verification since the earliest personal computers? It has not been the server, application, or network. It has always been the endpoint that requires users to log in and re-authenticate after inactivity, and that monitors users’ typing behavior, proximity, etc. It’s the capable endpoint! Some services might require explicit local user gestures or MFA, and the endpoint can do this best! I like the comparison to the self-driving car: It frees you from doing work you don’t want to do, but if you wish, you can!
As technologies advance, cars can do more and can now free users from driving, even if this will take some more years to perfect. Similarly, the endpoint can perfectly authenticate to everything on behalf of users – today! Technologies like the built-in crypto chip, including manageability to support multiple users on multiple endpoints, allow MagicEndpoint to finally free users from having to do online authentication, something the capable endpoint should do in the first place. To this point, it has been the fault of the industry, the solution providers, that users have been placed at risk of being the weakest link in cybersecurity!
Enjoy WinMagic’s three videos, demonstrating the power of the capable endpoint.