September 30, 2019

Identity Theft: Not "If" But "When"

There are a few things in life that are inevitable. Death and taxes come to mind as the most well-known. Eating, drinking, breathing and the need for shelter also top may lists. Unfortunately, in today’s digital age a new one can also be added to the list. Specifically, that every password you have ever created, or have yet to create, will at some time be compromised.

Digital Identities Are Persistently Attacked

Your login credentials have been compromised. Your passwords have been hacked no matter how complex you’ve made them. Two-factor security is temporal, causes high friction and can be easily intercepted during transmission.

Current multi-factor authentication (MFA) security solutions lack context and rely on too few attributes. Your biometrics are binary, and regardless of how safe a fingerprint or retina scan appears to be, it can be spoofed and cannot be reset, ever. And, there are few, if any, solutions that continuously validate your identity post-authentication. 

Bottomline, as stated above, is that we live in an age where every credential is persistently under attack, so now it is just a matter of separating out what can from what can’t be prevented in order to develop your identity access management strategy effectively.

The Question Is Not If But When

As of June 30, 2018, it was documented that 4.2 billion of the 7 billion plus people in the world have access to the internet. Unfortunately, according to a recent Consumer Reports article we now have over 2 billion emails and passwords published publicly. The article is titled “Over 2 Billion Stolen Emails and Passwords Surface Online” and reports:

“The information doesn’t appear to stem from a massive new data breach. It’s more likely to be an aggregation of consumer information stolen over the years from companies such as Yahoo, LinkedIn, and Dropbox.”

The article goes on to also say:

“It’s the "enormous" size of the data set and the fact that it’s packaged in a full-service list that makes this latest security threat noteworthy, says Emily Wilson, vice-president of research for the cybersecurity firm Terbium. Though the passwords may be outdated for Yahoo or LinkedIn accounts, hackers can still try to use them to access consumers' other accounts.”

So, with 2 billion emails and passwords “served” up to the public for (mis)use, it stands to reason that at some point every password you have ever created may come back to haunt you if you are in the habit of reusing permutations of past favorites.

Continuous Behavioral Authentication Catches Identity Thieves

So, now that you understand that it is just a matter of when your digital identity will be compromised, you should understand that the only way to combat the use of those compromised credentials is to utilize some form of continuous behavioral authentication solution.

Acceptto’s eGuardian® engine continuously creates and monitors user behavior profiles based on the user interaction with the It’sMeauthenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

With Acceptto’s Cognitive Authentication you can ensure:

  • Actionable threat analytics: Real-time, continuous identity monitoring & validation post-authentication.
  • Dynamic authentication:Adjustable, risk-based policy orchestration and continuous enforcement.
  • Credential stuffing neutralized: Eliminate account takeover (ATO) instantly with intelligent contextual MFA.
  • Continuous Authentication: Continue to validate authorization before, during and after authentication ensure no one hijacks credentials in use.

Check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy. Register for a free trial today.

identity Access Management identity theft continuous behavioral authentication