The Benefits of a Converged Identity Credential
Teresa Wu, Guest Author, IDEMIA
3 Min. Read | March 26, 2024
Many strictly regulated industries such as banking and finance rely heavily on identity and access management solutions to secure their systems and infrastructure. Unfortunately, as demonstrated by the Okta security breach last year, these organizations are attractive targets for hackers because of the nature and quantity of the information they handle. While hackers deploy sophisticated ransomware once access is gained, they often obtain that access through surprisingly low-tech means: for example, by calling a company’s help desk and using a simple voice phishing (vishing) tactic to persuade IT employees to disable two-factor authentication.
Phishing awareness and resistance play a big role in protecting customer and corporate data, but organizations need a secure solution to safeguard their systems against phishing and credential theft, mitigating these attacks before they can occur. Many companies already manage physical access with ID badges, but integrating digital access control into these badges can offer one comprehensive solution that provides:
- Photo ID for visual verification
- Access badge for door readers
- Access token for passwordless digital authentication
The Value of Security Convergence — Combining Physical Security with Digital Security
Historically, physical security and digital security have been managed separately, working in parallel. Due to increasingly complex security threats, however, organizations require a more comprehensive approach to securing both physical and digital assets to reduce the risk of breaches.
Following the 2023 breach, Okta recommended customers take several steps to better defend themselves against potential attacks by adding:
- Multi-factor authentication (MFA) to secure administrator access
- “Admin session binding,” requiring administrators to reauthenticate in certain instances
- “Admin session timeout” defaulted to a 12-hour session duration and 15 minutes of idle time
These settings add a layer of roadblocks that limits what an attacker can do after gaining access to a system. They do require users to re-authenticate more often, but a converged credential with FIDO2 authentication makes that re-authentication simple and convenient.
The converged approach to identity management lets organizations treat threat management holistically, with a better-prepared security posture for preventing, mitigating, and responding to threats. At the same time, it gives users a more convenient, passwordless way to authenticate.
Example of a Converged Credential:
Features of a Strong and Effective Converged Credential
Organizations in regulated industries need an identity solution that both complies with regulations and safeguards their operations against phishing and fraud. A converged credential streamlines security at both the physical and digital level, and includes the following features to eliminate the threat of phishing attacks:
- Secure, Phishing-Resistant Multi-Factor Authentication. Requiring more than two authentication factors increases security. Such factors may include something the user has (the card), something the user knows (a PIN), and something the user is (biometric data, like fingerprints), providing a higher level of confidence in the authenticity of the user’s identity. A phishing-resistant credential does not use a password, OTP or other shared secret as a factor.
- Alignment with Current Security Trends. Using a converged credential that aligns with modern security trends and standards – including FIDO2, MIFARE®, and DESFire® – enables organizations to be confident that they comply with security regulations.
- Passwordless Experience. Replacing passwords with local authentication methods enhances the user experience while reducing vulnerabilities associated with password breaches.
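The phishing resistance claimed for FIDO2 in the list above comes from binding each login to the site the user is actually on, rather than from any secret the user could be talked into revealing. The following Python example, added here and not code from the article, HYPR or IDEMIA, shows the checks a relying party performs on a WebAuthn assertion before it even looks at the signature: the browser records the page origin in `clientDataJSON`, and the authenticator bakes a hash of the relying-party ID into `authenticatorData`, so an assertion captured on a look-alike domain fails on the origin check. The relying-party ID, origin, challenge and the `clientDataJSON` / `authenticatorData` blobs are constructed sample values, and the signature verification itself (which needs the stored public key and a crypto library) is deliberately left out; only the payload the authenticator signs is computed.

```python
import base64
import hashlib
import json
from typing import Tuple

# Constructed sample values (not from the article). A real relying party
# generates a fresh random challenge per login and stores it server-side.
RP_ID = "bank.example"
EXPECTED_ORIGIN = "https://login.bank.example"
CHALLENGE = base64.urlsafe_b64encode(b"\x01" * 32).rstrip(b"=").decode()

# authenticatorData flag bits from the WebAuthn spec
FLAG_USER_PRESENT = 0x01
FLAG_USER_VERIFIED = 0x04   # set when a PIN or biometric was checked on the authenticator


def make_client_data(origin: str, challenge: str) -> bytes:
    """Constructed stand-in for the clientDataJSON the browser builds.

    The browser, not the web page, fills in the origin, which is why a
    phishing page cannot claim to be the legitimate site.
    """
    return json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()


def make_auth_data(rp_id: str, sign_count: int = 1, user_verified: bool = True) -> bytes:
    """Constructed stand-in for authenticatorData: rpIdHash || flags || signCount."""
    flags = FLAG_USER_PRESENT | (FLAG_USER_VERIFIED if user_verified else 0)
    return (
        hashlib.sha256(rp_id.encode()).digest()
        + bytes([flags])
        + sign_count.to_bytes(4, "big")
    )


def check_assertion_binding(
    client_data_json: bytes,
    auth_data: bytes,
    expected_origin: str,
    expected_rp_id: str,
    expected_challenge: str,
) -> Tuple[bool, str]:
    """Relying-party checks that run before signature verification.

    Returns (ok, reason). Every rejection here happens regardless of whether
    the signature would have been valid, which is the property that makes
    FIDO2 phishing-resistant: a relayed assertion carries the wrong origin.
    """
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay or stale login)"
    if cd.get("origin") != expected_origin:
        return False, f"origin mismatch: {cd.get('origin')!r}"
    if len(auth_data) < 37:
        return False, "authenticatorData too short"
    if auth_data[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    flags = auth_data[32]
    if not flags & FLAG_USER_PRESENT:
        return False, "user presence flag not set"
    if not flags & FLAG_USER_VERIFIED:
        return False, "user verification (PIN/biometric) flag not set"
    return True, "binding checks passed"


def signed_payload(client_data_json: bytes, auth_data: bytes) -> bytes:
    """The bytes the authenticator signs: authenticatorData || SHA-256(clientDataJSON).

    Because the origin is inside clientDataJSON, it is covered by the signature;
    a man-in-the-middle cannot swap in the real origin without breaking it.
    """
    return auth_data + hashlib.sha256(client_data_json).digest()


if __name__ == "__main__":
    legit = check_assertion_binding(
        make_client_data(EXPECTED_ORIGIN, CHALLENGE), make_auth_data(RP_ID),
        EXPECTED_ORIGIN, RP_ID, CHALLENGE)
    phished = check_assertion_binding(
        make_client_data("https://login.bank-example.com", CHALLENGE), make_auth_data(RP_ID),
        EXPECTED_ORIGIN, RP_ID, CHALLENGE)
    print("legitimate login:", legit)
    print("assertion captured on look-alike domain:", phished)
```

In deployment the origin and relying-party ID come from server configuration, the challenge from the server-side session that issued it, and the assertion from the client; the point of the example is that the rejection of the look-alike origin happens with no secret involved, so there is nothing a help-desk caller could be persuaded to hand over.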
Conclusion
While phishing is a relatively simple tactic, it has the potential to expose organizations to more complex and costly cyberattacks that could result in significant financial consequences, reputational harm, and customer dissatisfaction.
By implementing a phishing-resistant solution, such as the converged physical and digital access credential solution offered by HYPR and IDEMIA, organizations can be more confident in their ability to safeguard their operational and customer data from cyberattacks.
Learn more about converged identity credentials in our on-demand webinar, "Make Your ID Badge Smarter," featuring the author, Teresa Wu, and HYPR Field CTO Ryan Rowcliffe.
Teresa Wu
Guest Author, IDEMIA
Teresa Wu is responsible for the smart credential business of IDEMIA Public Security in North America. She serves as a cross-functional team lead, driving client success activities within the smart credential business, and bringing her extensive experience and domain expertise to bear on innovation, strategy, program delivery, and industry engagement.