Defending Secure Authentication Processes Against Attacks

Written by: John Hancock

What Is a Secure Authentication Process?

With data breaches and cyberattacks becoming increasingly common, it is more important than ever to ensure the “gates to the kingdom” are properly secured. Much of what we access on a day-to-day basis is locked behind some form of authentication, whether that is the passcode on your phone, the fingerprint scanner on your laptop, or the password on your email. Each of these securely protects your sensitive and private information behind a lock and key. Unfortunately, there are several ways an attacker may try to break through your secure authentication processes.

What Kinds of Attacks Are Common?

As security professionals like to say, “Hackers don’t break in, they log in.” In the digital age, the weakest link is often the employee. Typically, attackers do not waste time exploiting a complex issue when they can easily go after the person who has set their password to the current season, the year, and a symbol thrown in. According to this report by Unit42, 62% of attacks start from credentials that are stolen or compromised. Phishing is the most common point of initial compromise overall, with brute force and reuse of previously compromised credentials also high on the list.

As a phishing attempt, an attacker might send you a compelling email offering a free reward or scaring you with an urgent task you clearly forgot. They may also take the brute force route and guess simple passwords on your account and on every one of your coworkers’ accounts, hoping for a successful login. Maybe they’re already on the network with you, intercepting your tokens or cookies from insecure connections through a Machine-in-the-Middle (MITM) attack, whether that connection is the Wi-Fi at your favorite café or your internal corporate network.

How Do I Protect Against Them?

Setting a strong password policy is a good first step to mitigate brute force attempts. Longer and more complex passwords are generally more secure and harder to guess. Additionally, setting a stricter account lockout policy and monitoring failed login attempts can help to detect and prevent brute force attacks.
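The monitoring described above, as an added example that is not part of the original article: a small Python script that reads constructed authentication log lines (the `<timestamp> <result> user=<name> src=<ip>` format and the thresholds are assumptions) and flags three patterns a defender would act on, accounts that have hit the lockout threshold, a single source failing against many distinct users (password spraying), and a success that follows a run of failures.

```python
from collections import defaultdict

# Constructed sample log lines (not taken from the article). The line format
# "<timestamp> <result> user=<name> src=<ip>" is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T08:00:01 FAIL user=alice src=203.0.113.9
2024-05-01T08:00:02 FAIL user=alice src=203.0.113.9
2024-05-01T08:00:03 FAIL user=alice src=203.0.113.9
2024-05-01T08:00:04 FAIL user=alice src=203.0.113.9
2024-05-01T08:00:05 FAIL user=alice src=203.0.113.9
2024-05-01T08:00:06 OK   user=alice src=203.0.113.9
2024-05-01T08:01:00 FAIL user=bob   src=198.51.100.7
2024-05-01T08:01:01 FAIL user=carol src=198.51.100.7
2024-05-01T08:01:02 FAIL user=dave  src=198.51.100.7
2024-05-01T08:01:03 FAIL user=erin  src=198.51.100.7
2024-05-01T08:01:04 OK   user=erin  src=198.51.100.7
2024-05-01T08:02:00 FAIL user=frank src=192.0.2.55
2024-05-01T08:02:30 OK   user=frank src=192.0.2.55
"""


def parse_log(text):
    """Turn each log line into a dict with ts, result, user and src keys."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines rather than crash
        event = {"ts": parts[0], "result": parts[1]}
        for field in parts[2:]:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def lockout_candidates(events, threshold=5):
    """Users whose failed-login count has reached the (assumed) lockout threshold."""
    failures = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            failures[e["user"]] += 1
    return {user: n for user, n in failures.items() if n >= threshold}


def spray_sources(events, min_users=3):
    """Sources that failed against many distinct users: the spraying pattern."""
    users_by_src = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            users_by_src[e["src"]].add(e["user"])
    return {src: sorted(users) for src, users in users_by_src.items()
            if len(users) >= min_users}


def suspicious_successes(events, min_prior_failures=3):
    """Successful logins preceded by a run of failures for the same user and source."""
    prior = defaultdict(int)
    hits = []
    for e in events:
        key = (e["user"], e["src"])
        if e["result"] == "FAIL":
            prior[key] += 1
        elif e["result"] == "OK":
            if prior[key] >= min_prior_failures:
                hits.append((e["user"], e["src"], prior[key]))
            prior[key] = 0  # a success ends the run
    return hits


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("lockout threshold reached:", lockout_candidates(events))
    print("spraying sources:", spray_sources(events))
    print("success after failures:", suspicious_successes(events))
```

A per-user counter alone misses spraying, because each account sees only one or two failures; counting distinct users per source catches it. Thresholds should match the lockout policy actually configured on the identity provider.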

Enforcing multi-factor authentication (MFA) can greatly reduce the exposure of a compromised account. Requiring users to accept a prompt on their mobile device or enter a generated code will prevent or slow an attacker’s ability to gain access to a user’s account, even if they have obtained the password.

If employees have many accounts spread over multiple websites or applications that cannot be covered by a single sign-on (SSO) solution, one option is educating and encouraging users to use a password manager to securely store their credentials. This is an easy way to prevent password reuse and limit exposure in case of a compromise.

Another risk is machine-in-the-middle (MITM) attacks, where an attacker is able to intercept network traffic and reuse it to gain access. For sensitive applications, consider placing them behind a VPN or only allowing access while physically present in the office. This can greatly reduce their exposure to compromise. Secure protocols, such as HTTPS or TLS, should be used anywhere credentials are in play.

Finally, monitoring your networks to detect the kind of rogue traffic a MITM attack may produce can allow you to catch and stop an attack before it is able to affect your network.
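One concrete form of the rogue traffic mentioned above, on a local network, is an ARP reply that rebinds the gateway's IP address to a different MAC address. As an added example that is not part of the original article, the Python below reads constructed ARP observations (the `<time> <ip> is-at <mac>` line format, the addresses and the gateway IP are all assumptions) and raises an alert when a watched address changes MAC or when one MAC claims several IPs.

```python
from collections import defaultdict

# Constructed ARP observations (not from the article): one line per reply seen
# on the segment, in an assumed "<time> <ip> is-at <mac>" format.
GATEWAY_IP = "10.0.0.1"  # assumed gateway address for this example
SAMPLE_ARP = """\
10:00:00 10.0.0.1 is-at 00:11:22:33:44:01
10:00:01 10.0.0.20 is-at 00:11:22:33:44:20
10:00:02 10.0.0.21 is-at 00:11:22:33:44:21
10:05:00 10.0.0.1 is-at 00:11:22:33:44:99
10:05:01 10.0.0.20 is-at 00:11:22:33:44:99
10:05:02 10.0.0.21 is-at 00:11:22:33:44:21
"""


def parse_arp(text):
    """Return a list of (time, ip, mac) tuples, skipping lines that do not fit the format."""
    observations = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "is-at":
            continue
        observations.append((parts[0], parts[1], parts[3].lower()))
    return observations


def find_mac_changes(observations, watch=None):
    """IPs whose MAC binding changed over time; `watch` limits the check to given IPs."""
    last_mac = {}
    changes = []
    for ts, ip, mac in observations:
        if watch is not None and ip not in watch:
            continue
        if ip in last_mac and last_mac[ip] != mac:
            changes.append((ts, ip, last_mac[ip], mac))
        last_mac[ip] = mac
    return changes


def find_shared_macs(observations, min_ips=2):
    """MACs that answer for more than one IP, the signature of a host posing as others."""
    ips_by_mac = defaultdict(set)
    for _, ip, mac in observations:
        ips_by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) >= min_ips}


def alerts(observations, gateway_ip):
    """Human-readable alerts for the two conditions, gateway rebinding first."""
    out = []
    for ts, ip, old, new in find_mac_changes(observations, watch={gateway_ip}):
        out.append(f"{ts} gateway {ip} moved from {old} to {new}")
    for mac, ips in find_shared_macs(observations).items():
        out.append(f"{mac} answers for multiple IPs: {', '.join(ips)}")
    return out


if __name__ == "__main__":
    for line in alerts(parse_arp(SAMPLE_ARP), GATEWAY_IP):
        print("ALERT:", line)
```

A MAC change on an ordinary client can be legitimate (a replaced machine, a DHCP lease handed to a new device), so the script only alerts on the gateway by default; the shared-MAC check is the stronger signal, since one interface claiming the gateway and a workstation at the same time has no normal explanation. The same two checks can be run against periodic `arp -a` snapshots or switch port-security logs.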