Passwords are hacked with ease, and MFAs are not the answer. Isn’t it time the biggest companies protect their clients and workforce with an identity-based perimeter?
What’s been your highlight this year? Mine was unusual: sitting in a dingy AirBnB in South London with a crack team of hackers. We ran the project as part of a white paper assessing the safety of challenger banks with our partners at WeFightFraud (you can read the alarming results here) led by the charming, cheeky and utterly terrifying Tony Sales.
While the surroundings (and the cold sausage rolls) weren’t exactly memorable, the lesson they taught me was. Because that was the day I saw Multi-Factor Authentication (MFA) completely collapse.
Hypr estimates that between 80-90% of MFA applications is hopelessly easy to breach. All those times you received a text to verify your login to Office 365 or confirmed your email on the very same device used to set up a new account; all pointless. Hackers use some sophisticated (and not-so-sophisticated) methods to bypass MFA so that it’s barely more secure than using a simple password. (And let’s face it, we’re one of the 64% of people that use the same or similar password for everything.)
Attacks include phishing, SMS OTP (those texts purporting to come from Amazon), even social engineering – where the hacker simply calls up the IT help desk and engineers the call centre staff to give up the passwords or reset them to a new mobile number – and MitM (Man in the Middle) can all yield results. And then there’s ‘MFA Fatigue’ – which involves spamming victims with authentication prompts until they grant the attacker access accidentally or out of frustration – perceiving it as a legitimate login attempt or a bug. It is a type of brute force approach to bypassing MFA that takes advantage of how approving MFA requests has become so routine that employees assume the prompts in their authenticator apps are always valid.
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
The global MFA and cloud computing markets are projected to grow by nearly 15.6% and 17.9% by 2027 and 2028 respectively.1,2 Password manager LastPass reported that 95% of organisations in 2021 used software-based authenticators for MFA rather than physical tokens or biometrics.
But given the higher risks of attacks – and the enormous costs in dealing with data breaches and lost business – companies need to look for alternative solutions in 2023.
Several high-profile organisations, including Cisco Talos, Microsoft, and Uber, have been breached by threat actors who have utilised this technique. Whilst MFA plays a significant part in strengthening an organisation’s cybersecurity posture, it is not a ‘silver bullet’.
As a temporary workaround for MFA fatigue, it is likely that organisations will increasingly disable push notifications of “approve sign-in” requests and seek to ensure that number matching and location-based verification is used to gain access to accounts instead.
But nothing matches the security of passwordless ID verification tools. APLYiD specialises in biometrics than can confirm a user’s identity against government and credit bureau records including PEP and sanctions checks in under 90 seconds. By including its API in your company’s authentication and login process that time can be cut even shorter and be a simple, safe and totally secure way of restricting access to your workforce. APLYiD has reduced cybercrime to the tune of over $2 billion dollars in New Zealand alone, and proven over 98% effective in cutting identity theft and data breaches.
Placing an identity ‘perimeter’ around your most valuable data, and unhackable biometric protocols in place to prevent unauthorised access, is the soundest way of futureproofing your business.
And the benefits for your workforce are much greater. No more MFA Fatigue or phishing emails gaining access to your systems. No more social engineering attempts via your IT departments. Just simple access that allows your teams to work virtually, anywhere in the world, with total security.
If we see worldwide adoption of biometric ID perimeters in 2023, then my highlight for the year will be very different. Personally, I’d love to sit in an ugly AirBnB and listen to hackers swearing when they realise they can’t break into the world’s biggest companies.
I’ll probably bring my own sausage rolls this time.
Starting 1 June 2025, all NZ reporting entities must assess, record and monitor the risk level of new clients.
Read more
If you are a Lawyer, Real Estate Agent, or an Accountant in Australia, you may be wondering what exactly this ‘Tranche 2’ stuff will mean for you in practical terms.
Read more
Press Release: APLYiD Partners with HES Fintech to Enhance Digital Identity Verification Solutions
Read more
It's not hard to scam an agency, and HMRC is on the hunt for AML negligence with £5k fines. Yikes. But there is an easy way to fix this...
Read more
As Valentine's Day approaches, love is undoubtedly in the air, but unfortunately, so is the risk of identity theft within the online dating sphere.
Read more
As we kick off the new year, APLYiD, a leading identity verification company, is navigating through changes in the regulatory landscape.
Read more
In today's fast-changing world of digital security, biometric verification has become a crucial way to authenticate identities.
Read more
What is Enhanced Due Diligence and why is it so important?
Read more
At APLYiD our mission is to end identity fraud and digital crime – that’s why we’ve made the best biometric identity verification software on the planet. But as our technology gets more sophisticated...
Read more
At APLYiD our mission is to end identity fraud and digital crime – that’s why we’ve made the best biometric identity verification software on the planet. But as our technology gets more sophisticated...
Read more
The cost of living crisis, competitive landscape and ongoing war in Ukraine are causing major headaches for the legal industry
Read more
The new 2023 plate change will come in a volatile, ultra-competitive market. Here’s how to win over those harder-to-reach customers
Read more
There are some tiny, fragile signs that the UK Property market is recovering
Read more
The accounting industry is in crisis – but with one simple software tweak it could become a fun, rewarding job once more
Read more
As interest rates continue to rise, so too do abandonment rates. By creating a better customer experience, you can cut those rates while protecting your business from fraud
Read more
The entire accounting industry is changing. For some that means new opportunities for growth and diversification; but for others the change can be traumatic.
Read more
Watch and learn with our pick of the 14 best YouTube channels to follow if you’re serious about cyber security
Read morePasswords are hacked with ease, and MFAs are not the answer. Isn’t it time the biggest companies protect their clients and workforce with an identity-based perimeter?
Read more
New to KYC? Here’s your at-a-glance guide to the ins and outs of Knowing Your Customer.
Read more
The FCA reports that the UK’s top challenger banks still don’t do enough to eliminate identity theft and cyber fraud – but there’s nothing but silence from the companies that are supposed to be protecting them.
Read more
The next year is going to be a tough one, with fewer car registrations than ever. Follow our tips to make the most of every customer and drive ahead of the competition.
Read more
Some predict a bumper year for consumer finance; other suggest the industry will suffer. Either way recessions can wreak havoc – but here are some ways you can navigate the choppy waters ahead.
Read more
Wherever you look the experts are predicting an annus horribilis for Estate Agents next year. But we’ve unearthed some ways you can beat the property market slump and thrive next year
Read more
Conventional wisdom predicts that legal firms do well in a recession. But that’s not always the case – unless you follow our top five tips for 2023
Read more
Well, 2022 was a bit of a hellscape, wasn’t it? Recessions, political merry-go-rounds, Royal dramas, problematic world cups, and the ever-present ghost at the feast that is Brexit have all left their mark on the
Read moreThere are many reasons why elite sports stars can end up poor and homeless. Drug habits, concussions, bad investments, you name it. But Cindy Brown is different.
Read more
The safest, fastest and most trustworthy onboarding process to verify your customer’s identity.
Read more
The best customer onboarding experience… and the best defence against digital fraud.
Read more
Digital-first banks attract customers with no-fee accounts and simple, seamless setups. But their appeal to fraudsters means the more seamless they get, the more dangerous they become.
Read moreThe myth persists that identity theft is a relatively harmless, victimless crime aimed mostly at the elderly and vulnerable… but the data doesn’t agree.
Read more
Our complex world and its resultant threats to businesses mean General Counsel and legal firms are getting less sleep than ever. But there’s more to it than just risk: finding the right balance can give in-house
Read more
So much of the world is under threat from scammers, bad actors – and governments that give them shelter. But we can defeat the bad guys if the good guys band together.
Read more
KYC is an important part of protecting yourself – and your customers – from fraud, regulatory breaches and bad actors. Luckily APLYiD makes KYC compliance quick, seamless and effective.
Read more
Imagine returning from a well-earned holiday and putting your key in your front door only to find the locks have been changed…. then a stranger opens the door and asks who you are.
Read more
