What’s wrong with verifying users when they try to access online accounts?

The industry’s longstanding approach to user verification for online accounts might seem foolproof given its widespread adoption. After all, if everyone’s doing it, it must be effective, right?

The Challenge with Traditional Verification
Current solutions typically verify both the user and, following the Zero Trust principle, possibly the endpoint when a user logs into an online account. While passwords, multi-factor authentication (MFA), and public key-based methods like FIDO and PKI have become the norm, are they truly effective against today’s advanced threats? Notable breaches at major corporations such as MGM Resorts and Caesars suggest otherwise.

For years, WinMagic has advocated that public key-based authentication, specifically authentication performed by the endpoint or its peripheral without relying on an out-of-band phone, is significantly stronger than other methods. Yet, considering the complexities, required components like FIDO support, HTTPS-only protocols, user burdens, and successful attacks, we’ve introduced a new approach.

Embracing Continuous Verification
Envision a system that continually monitors both your IT device and user access. Instead of occasional user credential checks, this system provides a continuous, real-time, comprehensive assessment of device security posture and user behavior. When a user attempts to log into an online account, the system verifies that the endpoint is one it currently manages and monitors, with the respective user logged in. This approach eliminates the complexities of traditional user identity verification and MFA.

Your Existing Solution: Full Disk Encryption (FDE)
Comprehensive Full Disk Encryption (FDE) offers a robust, uncompromised method to verify both endpoints and end-users. It enables continuous monitoring, grants control over user access, and bolsters your endpoint’s security posture.

By leveraging existing FDE solutions, we achieve authentication levels superior to current methods — all without requiring any user action or burden.

How FDE’s Authentication Facilitates Secure Online Access
Your online authentication, requiring no user action, inherently satisfies MFA requirements. It mandates the use of a specific endpoint for access and requires the user’s login to that endpoint, whether via passwords, tokens, biometrics, or combinations thereof. The endpoint further extends MFA validity by safeguarding the device and activating screen locks when user presence is uncertain.

The latest technologies, such as the TPM, integrate seamlessly when the server monitors and verifies the device. The security benefits of a device-centric approach include greater accuracy in verifying not only the user’s endpoint but also servers and IoT devices, including non-human identities.

The Future of Online Authentication
Verifying a user when accessing an online account isn’t inherently flawed but falls short in today’s evolving threat landscape. Adopting continuous verification and leveraging technological advancements represent proactive strides toward robust online authentication.

The choice is yours: adhere to the status quo and risk falling prey to sophisticated attacks, or embrace a novel authentication approach that prioritizes security and removes user burden. This innovative approach is grounded in the endpoint protection solution you already have. The future of online security is here — are you ready to join us?

“Upgrade Your Security Today”: Maximize the ROI of your FDE investment with Online Authentication. Call us today to see how!
