December 07, 2022
Small and medium businesses (SMBs) make up a significant share of organizations worldwide; there are currently over 400 million SMBs across the globe. Unfortunately, many of them still rely on passwords alone to authenticate users, a practice that leaves them exposed to cyberattacks that are otherwise preventable.
Multi-factor authentication, as the name suggests, is a strong customer authentication approach in which a login attempt must pass additional layers of verification beyond the password. These layers range from SMS one-time passwords (OTPs), codes delivered by phone call and codes generated by a dedicated app, to (better still) device-bound credentials unlocked by on-device biometrics. The standard behind that last category comes from the FIDO Alliance (Fast Identity Online). FIDO2, together with the W3C WebAuthn API it builds on, is the de facto standard for passwordless authentication and is designed to resist account takeover through phishing and other credential-based attacks: the credential is bound to the site it was registered with, rather than being a secret the user can be tricked into typing elsewhere.
While the benefits of strong customer authentication such as multi-factor authentication are well established, fewer than 50% of SMBs have actually implemented it. What's more, of the businesses that have not yet done so, over 45% said they did not understand multi-factor authentication or did not see its benefits.
Here is how an attack typically plays out, and where multi-factor authentication, especially FIDO2 authentication backed by biometrics, can protect online accounts. Attackers obtain passwords through brute-force attacks, phishing, or simply by purchasing credentials leaked in earlier breaches on the dark web. They then use these stolen credentials to log in as the user and exploit the account for financial gain.
How does multi-factor authentication help SMBs?
In the situation described above, multi-factor authentication adds a further step, such as an SMS OTP, a phone-call OTP or an app-generated code, that the attacker would need in addition to the password. However, attacks have grown more sophisticated: a real-time phishing site acting as a proxy (an adversary-in-the-middle attack) can relay the OTP the moment the victim types it into the fake page, and a SIM-swap attack lets the attacker receive SMS codes directly. A one-time code delivered to the user is still a secret the user can be tricked into handing over.
Here is where FIDO2 passwordless authentication comes into play. FIDO2 uses standard public key cryptography to log a user in. In simple terms, the user's device (the authenticator) creates a public/private key pair at registration; the public key is stored by the website or online service, and the private key never leaves the device. At login the service sends a fresh random challenge, the authenticator signs it once the user unlocks it with a biometric or PIN, and the service verifies the signature with the stored public key. Two details make this phishing-resistant rather than merely "another factor": the key pair is bound to the site's domain, so a look-alike site cannot ask the authenticator to use it, and the signed data includes the origin the browser is actually on, so a challenge relayed through a phishing proxy does not yield a usable login. This solves two problems, usability and security. A user can only log in with a device holding the private key (something they have) unlocked by their biometrics (something they are), satisfying two factors of multi-factor authentication, and there is no secret to type, intercept or replay. The resulting flow, which most users already know from unlocking their phones, lets SMBs offer a seamless, friction-free passwordless user experience (UX).
Multi-factor authentication frameworks
Back in May 2021, President Joe Biden signed Executive Order 14028 on Improving the Nation's Cybersecurity, which requires federal agencies, and through updated contracting rules the government contractors that serve them, to adopt multi-factor authentication as a baseline cybersecurity measure. The order gave agencies 180 days to deploy multi-factor authentication, together with encryption for data at rest and in transit.
The Cybersecurity and Infrastructure Security Agency (CISA) in the US recently launched a campaign to promote multi-factor authentication, More Than A Password. Jen Easterly, the director of CISA, said that multi-factor authentication makes users 99% less likely to get hacked and that every American should turn it on for all of their online accounts. CISA goes a step further by publishing guidance to help organizations get started with implementing multi-factor authentication, and that guidance ranks phishing-resistant methods such as FIDO/WebAuthn above SMS and app-based codes.
Multi-factor authentication trends
The shift to biometric-backed authentication is already well underway. Earlier this year, Apple, Google and Microsoft jointly announced expanded support for the FIDO passwordless sign-in standard across their platforms, with the stated aim of replacing passwords as the primary form of authentication. In practice this means FIDO2 credentials, unlocked by the device's own biometrics, becoming a built-in means of multi-factor strong customer authentication for their users.
The good news for SMBs is that they do not need to invest time and money into upgrading their systems to support FIDO2 passwordless authentication. Strong customer authentication solutions like LoginID empower SMBs with simple-to-integrate APIs and SDKs that make incorporating FIDO2 biometric authentication, digital onboarding, digital identity verification and biometric mobile identity verification a breeze. LoginID further supports start-ups and SMBs by offering a free openSaaS package, helping SMBs get up and running with FIDO2 passwordless authentication quickly and easily.