Off the hook – how identity-driven security stops phishing
Today, we all use a huge number of different online accounts, from the platforms we use at work to the ones we use at home, for everything from shopping and entertainment to banking. The sheer number of logins we need to manage means that many of us tend to reuse the same passwords or create simple ones we can remember, even if we’re aware of the risks; in 2018, the two most common passwords were ‘123456’ and ‘Password’.¹
20 May 2020 / Security
Weak passwords and stolen identities – don’t risk it.
Of course, this creates a major security risk. If a hacker gains access to one account, they can use those details to access all the other accounts where that person has used the same password. As well as putting their own data at risk, this can also provide hackers with a way into the companies where they work. So it’s hardly surprising that in 2018, weak passwords and stolen identities were the leading causes of data breaches.²
But even if businesses understand that their staff’s identity credentials are a critical line of defence, what can they do to protect them? The key is to stop phishing attacks, the most common cause of password compromise, whereby a hacker uses a phoney email or dummy web page to trick people into entering their credentials. But instead of trying to detect and block every domain or email associated with phishing – which is a more or less impossible task, given the speed with which they can be deployed – the best way to stop these kinds of attacks is by centralising identity management.
Single secure sign-in
A cloud directory service like JumpCloud provides every one of your employees with a single, secure sign-in for all their IT resources, including systems, servers, applications, file storage and networks. At first, that might sound counterintuitive. But instead of simply reusing the same password, JumpCloud uses a range of intelligent, context-driven authorisation protocols to authenticate your employees’ identity every time they log in – eliminating the threat posed by traditional phishing methods.
System-based password management
JumpCloud also stops phishing by taking a system-based approach to managing passwords. Phishing attacks often rely on people clicking a link in an email, asking them to change their password – for example, for their Google or Microsoft accounts. But JumpCloud allows your employees to change their password from their own system (either Mac or Windows), so they’re a lot less likely to be fooled by these kinds of phoney requests.
System-based password management also stops what are known as ‘man-in-the-middle’ attacks, whereby a hidden attacker ‘eavesdrops’ on their target as they enter their login details (or other confidential information) on a web page. If you’re using JumpCloud, your employees don’t need to use a browser-based password window, so it’s impossible for attackers to intercept their communications in this way.
More control, less hassle
JumpCloud also strengthens your security by giving you more control over the authentication process – allowing your IT admins to spot issues and act on them faster. And although your employees are still responsible for choosing and changing their own passwords, your admins can set up automatic protocols that prevent them from choosing passwords that are too short or simple, or from going too long without changing them.
Unlike a lot of data security measures, JumpCloud doesn’t bog workers down with extra complexity; it makes things a lot simpler. As well as allowing them to change their own passwords instead of having to contact a help desk, JumpCloud makes it faster and easier for your employees to access the resources they need, because they only ever need to remember one password.
¹ 2018 Verizon Data Breach Investigations Report. 2018. Accessed July 31, 2018. http://www.documentwereld.nl/files/2018/Verizon-DBIR_2018-Main_report.pdf.
² ‘The Most Popular Passwords of 2018 Revealed: Are Yours on the List?’ welivesecurity. December 17, 2018. Accessed December 17, 2018. http://welivesecurity.com/2018/12/17/most-popular-passwords-2018-revealed.