Team Up to Secure Against Compromised Credentials with SSO and Passwordless
Today, compromised credentials are growing as one of the most common causes of data breaches. Passwords that are easily detectable or reused often are vulnerable to phishing attacks. There are already upwards of 11 billion credentials leaked out there, so what can you do to stay vigilant against credential stuffing and other attacks using compromised credentials?
Captain Marvel, Captain Monica Rambeau and Ms. Marvel are no strangers to facing monumental threats. But when faced with an adventure of galactic proportions, these Super Heroes know that they’ll be stronger by working together.
A smart user, when faced with the risk of stolen credentials, knows better than to face this threat alone. Instead, they turn to single sign-on (SSO). Designed to reduce login friction, SSO connects users to multiple apps with a single login. This lowers the number of passwords users must remember (or re-use, as is often the case). It’s also the foundation for a passwordless future, powering-up phishing resistance and user experience to defend against attackers.
In today’s blog, we’ll unpack how you can use SSO and passwordless to defend against stolen credentials. And be sure to tune into our webinar – Authenticate Further, Defend Faster with Higher Security from Duo – to learn how the combination of MFA, SSO, and Risk-Based Authentication empowers you to authenticate more securely and defend with swiftness. You can walk away with limited-edition shades so you can protect what matters in style. *
Don’t miss out on Marvel Studios’ The Marvels, only in cinemas November 10th!
The problem with balancing many identities
Conventional passwords create separate lines for each account. The average business user must log in with as many as 190 different passwords to prove their identity across applications, servers and other access points. While multi-factor authentication is a powerful tool to protect and verify a user is who they say they are, having to repeatedly authenticate introduces unproductive security friction. It also increases the risk that users will duplicate credentials with each new app they have to create a login for — because, really, no one wants to remember 190 truly unique passwords.
And what happens when users decide to make their lives easier by re-using familiar credentials?
What is a credential stuffing attack?
Credential stuffing is a type of cyberattack where an attacker attempts to use stolen credentials to log into multiple websites or cloud apps. These attacks usually follow a straightforward pattern:
The attacker obtains a set of credentials, either in a breach or on the dark web.
The attacker adds these credentials to a botnet that automates the process of trying them on multiple cloud sites.
The attacker finds a cloud app or a website where these credentials grant them access to protected resources.
The sheer volume of readily available credentials, users’ tendency to re-use passwords across multiple websites, and the ability to automate the attack itself makes credential stuffing a relatively low-effort endeavor for attackers. And once they hit on a resource/credential combination that works, attackers can do everything from locking legitimate users out of the system to exfiltrating data.
At the end of the day, security teams face a dilemma. How can they balance users’ needs — which include not remembering 190 unique passwords — with an organization’s need for tighter security?
Keep track of one login, not 100, with Duo Single Sign-On
Captain Marvel, Captain Monica Rambeau and Ms. Marvel are all heroes in their own rights. But they are stronger working together, facing this new galactic-scale threat not as individuals but as a team: The Marvels!
In the vein of team-ups, single sign-on (SSO) connects users to multiple applications using only a single login, giving them access to all the resources they need while decreasing the number of increasingly complex passwords they need to create (or, let’s face it, re-use). It combines simplicity with security, removing friction for users and reducing overhead password administration for admins.
SSO is more effective when it is used across multiple applications, just as superheroes are more powerful when they work together. A strong SSO federates logins to grant access to only the applications an employee needs—one way to implement privileged access policies.
Duo’s cloud-based SSO, available in all Duo editions, works seamlessly with your identity provider and Duo’s MFA to enable secure access and help protect virtually any cloud-, web- or on-premises app. Let users access the application they need with a single login experience, protected by Duo’s strong authentication and granular access policies.
Protecting your most important technologies with a touch
Whether it’s an ancient bangle or a cutting edge spaceship,the Marvels are no strangers to next-level technologies. Fortunately for the rest of us, some super identification methods like fingerprint are already modern-day reality.
Passwordless authentication describes a process of verifying your identity using methods like biometrics, security keys or specialized mobile apps. When connected to an SSO solution, passwordless technology removes credentials from the login process altogether.
A lot of factors play into a strong password—maximizing a combination of letters, numbers, and symbols to minimize the likelihood of brute-forcing or plain guessing. With a lot of passwords for a lot of systems, passwordless is a triple-threat: a more frictionless login experience, while reducing administrative burden and, of course, decreasing overall security risks for your organization.
Taking your security to the next level
The journey to a password-free environment is not always straightforward. It takes time (and likely a few phases) to secure access for the workforce, with each step taking you closer to a fully passwordless future.
Luckily, implementing a strong MFA and SSO solution already puts you on the fast track to fewer passwords. Duo supports password-free open standards, such as WebAuthn, as MFA methods for SAML applications. Available in all Duo editions, this functionality lets organizations establish a passwordless login workflow for cloud apps, without ripping and replacing existing infrastructures.
Creating the ultimate authentication team-up
Time and time again, we learn that the world (or even just Ms. Marvel’s hometown Jersey City) is too large for any one Super Hero to protect on their own. That's why the heroes work together to defeat the bad guys. Their unique abilities complement each other and create a united defense — like layering MFA, passwordless, and SSO — to mitigate the impacts of credential theft.
Curious to learn more about ways to protect against MFA bypass attacks, credential theft and compromised third-party security? Don't miss our webinar: Authenticate Further, Defend Faster with Higher Security from Duo. As a bonus, attendees will receive exclusive sunglasses, the perfect accessory for fighting cyberthreats in style.*
Marvel Studios’ The Marvels is only in cinemas on November 10th. You won’t want to miss it!
*Only available in the US. While supplies last.