Smartphones have become an integral part of our daily lives – who doesn’t own a smartphone nowadays? Unfortunately, with this growing reliance on smartphones comes an important concern to consider: the safety of phone authentication. While phone authentication is widely perceived as a convenient and secure authentication method, it is not safe. In this blog, we will explore the dangers of relying solely on phone authentication.
Entra CBA (Certificate-Based Authentication) is by far the best way to secure your organization via Entra MFA. In this article, we will show you how to set up Entra CBA passwordless authentication in 9 easy steps (that’s less than an hour’s worth of steps!).
The fledgling state of the IoT industry often drives manufacturers to prioritize speed over security, hastening to introduce their products before ensuring robust protection. Consequently, they might resort to hardcoded credentials or delegate security responsibilities to hardware vendors. Such lapses present a goldmine for hackers. Click here to learn the best ways that you can improve your Azure IoT device security!
Azure Verifiable Credentials are Microsoft's response to the question of how you can validate that your new employee is who they say they are when they are onboarding to your organization. They even want to go further and have organizations such as Universities add the person's degrees and other information into verifiable credentials, which would allow organizations to validate the education of the person. Check out this blog to learn all you need to know about Azure Verifiable Credentials and how to use them for remote passwordless onboarding.
Let’s cut right to the chase – if you want your organization’s cybersecurity posture to rival that of any organization in the world, phishing-resistant MFA is the way to go. Why? With unphishable MFA, there are no passwords for hackers to steal! No matter what steps you take to make a password "strong," there are always hackers who can take it from you. That's where phishing-resistant MFA (or, unphishable MFA) steps in.
For experts well versed in Microsoft Active Directory, the natural inclination is to domain join Linux Virtual Machines (VMs) with Active Directory. The appeal and logic here is in centralizing Linux endpoint management; however, aligning Linux with a system originally intended for Windows can bring about a "metric f*%$-ton" of unexpected challenges... such as having to run a bunch of highly-privileged agents to emulate Windows, or having to debug from a Linux machine. It’s a royal P.I.T.A. The following will give you the quick and dirty as to the best way to do this, which may be counterintuitive to your preconceived notions.
With the rising costs associated with cybercrime, many insurance providers have stated that companies seeking cyber insurance need to take measures to reduce the risk of cyberattacks against them being successful. If organizations adhere to this ask and take precautionary cybersecurity measures, there is a reduced chance of a successful cyberattack and, as such, a reduction in the sum of payouts from the insurance providers. This seems like a win-win, but how can companies best take these precautions? By implementing MFA.
While we certainly do appreciate discussions around tech-driven security, we're convinced that the advancement in present-day authentication and the future of Zero Trust authentication isn't merely about the method, but it revolves around the system. Even top-notch security is ineffective if end-users find it cumbersome and IT struggles to implement it. Basically, what we're trying to say here is that, yes, the method in which you choose to authenticate is cool, but the PROCESS associated with that method has much more impact on all facets of your business. Click here to learn more about how we need to rethink authentication.
Deciding to go passwordless is one thing, but deciding HOW to ACTUALLY do it is another thing altogether. We’ve done our best to summarize the major redeeming qualities of the three most prominent passwordless authentication methodologies - Certificate-Based Authentication (CBA), FIDO2, and Phone. Check out this blog for a high-level synopsis of each authentication method, their ideal use cases, and other key characteristics regarding their employment.
Passwordless authentication and multi-factor authentication are often mistaken for each other. While passwordless is a subset of MFA, MFA is usually used to refer to authentication methods that involve a password as one of the two factors. Conversely, passwordless authentication does away with passwords altogether. If an intruder gets hold of any authentication aspect, they still can't access the account unless they also control the user's phone or hardware key.
Not going to lie, I procrastinate A LOT, and one of the ways I do it is spending time on Reddit. One of the subreddits I spend a lot of time on is the r/YubiKey, and in there I see people asking all the time if YubiKeys are unphishable, and the answer is - it depends on which features you are using. So, let’s break down each of the YubiKey’s features and see which ones are unphishable.
In today's day and age, secure communication is essential for protecting sensitive information and preventing cyber-attacks. One common way to achieve secure communication is by using the Secure Shell (SSH) protocol, which is a widely used cryptographic network protocol for securely exchanging data over a network; however, not all SSH implementations are the same. In particular, there is a difference between traditional SSH and zero trust SSH. In this post, we will explain what zero trust SSH is and why most compliance certifications, such as PCI, require SSH key rotation.
If you’re reading this, you are probably looking for a way to secure your Azure AD (Entra ID) identity with conditional access, multifactor authentication, or network authentication and probably looked at Duo; however, either their pricing or user experience has you looking at an alternative. Luckily, we are here with the alternative, and the best part of it is that it is (mostly) free (or you are already paying for it without knowing it)! Read here to find out all you need to know about the best Duo alternative for Entra ID!
If you are reading this, it’s almost certain that you’ve been tasked with helping your organization go passwordless. Perhaps it’s because Management heard that compromised passwords play a key role in 80+% of cybersecurity breaches, or maybe it’s because of the cyber insurance incentives and discounts for going passwordless. Why you are here is not as important as what you are going to learn. In this guide, Keytos will guide you on how to go passwordless in Entra ID (Azure AD), from all the “gotchas”, to links, to step-by-step guides for each process, to the pointers that helped us follow Azure Identity best practices and go fully passwordless.
2FA and MFA are some of the best ways your organization can protect users' accounts without going passwordless, though we at Keytos are massive proponents of passwordless authentication. Some of the best ways to implement MFA are hardware keys (such as YubiKeys) and apps (such as the Microsoft Authenticator app). While these MFA methods are fantastic, they have one glaring flaw – as physical devices, they are able to be lost. It is not hard at all to imagine someone losing their YubiKey or their mobile device somewhere, somehow – so, what happens if an employee loses their device?
Passwordless authentication seems to be the talk of the cybersecurity world as of late! Going passwordless is a great way to bolster your organization’s cybersecurity posture due to the problems with using passwords and general inefficiencies of other authentication methods. While passwordless authentication is known as the most secure form of authentication out there, is it unphishable? Check out this blog to find out!
Unlike solutions such as Multifactor Authentication (MFA) and Single Sign-On (SSO), which still cling to passwords in some way, true passwordless authentication waves them goodbye. Everything is done without a single password in sight, eliminating one of the most vulnerable attack vectors. It's about time we step into the future of secure access. Check out this blog to learn all you need to know about true passwordless security.
Passwords have been around for decades and are a well-established form of cybersecurity – that is, until hackers started figuring out more and more ways to get around so-called secure passwords. So then, what is the problem with using passwords? Simply put, passwords lack the high levels of security necessary to combat the ever-advancing technology accessible to hackers and bad actors. In 2021 alone, over 6 billion credentials were leaked, and more than 60% of breaches were caused by stolen credentials. That is simply unacceptable. But what is the reason why passwords are not secure?
Passwordless authentication is a scorching hot topic in the cybersecurity world. The name seems self-explanatory - there are no passwords - but how exactly does passwordless authentication work? Check out this blog for a high-level overview of the inner workings of passwordless authentication.
Hardware keys (like YubiKeys) are great ways to go passwordless – in fact, we’re such huge fans that CEO Igal Flegmann has two whole keychains dedicated to YubiKeys! One of the pain points surrounding YubiKeys, though, is the shipping process. At Keytos, we believe that passwordless authentication is the future and nothing should get in the way of implementing it, so we’re here to make shipping YubiKeys worldwide easy. Check out this blog to learn how shipping YubiKeys is made easy with Keytos.
Data breaches can stem from a variety of reasons, but some consistently emerge as the most typical or common culprits. Breaches have evolved from isolated incidents to headlines that regularly dominate the news cycle. From deceptive phishing schemes to the sheer negligence of cloud configurations, the avenues for breaches are broad. With household names like LinkedIn and the UK's National Health Service falling prey to cyber-attacks, no entity seems immune. In this post, we'll delve deep into the four most common types of attacks associated with data breaches, providing real-world incidents that exemplify the gravity and repercussions of such vulnerabilities. Strap in as we navigate the treacherous waters of cybersecurity shortcomings.
This post takes a look at the high-level steps associated with the process of deploying FIDO2 keys efficiently in a cloud-only environment. Additionally, we'll guide you through the maze of choices, pointing you towards the most credible vendors and solutions available in the market.
The short answer is exactly that - short. Yes, Azure does support FIDO2. As there always seems to be with Microsoft, though, there is one glaring exception to this rule. Check out this blog to learn more about this exception and why your organization should start using hardware keys!
The growing demand amongst businesses of all shapes and sizes for passwordless authentication has brought FIDO2 to the forefront of the cybersecurity community. As businesses continue to adopt hybrid work environments, there is an increasing need to find solutions that integrate well with both on-premises and cloud-based systems. In the following post, we’ll discuss how FIDO2 can be implemented for on-premises Active Directory (AD) and how you can use PIV certificates to complement FIDO2 for legacy systems.
You will almost certainly encounter the question of how much YubiKeys cost on your journey of going passwordless. With CISOs becoming increasingly cost-conscious, understanding the price of security keys is a critical piece of information when it comes to selecting the right hardware for your organization. We applaud you for exploring the undisputed industry leader in passwordless solutions, Yubico, and their increasingly popular YubiKey! Read here for a detailed breakdown of the features of the various options available as well as the associated costs.
SSH certificates are the best way to avoid the many issues that come with using SSH keys. In this blog, we take a look into what SSH certificates are & how SSH certificates work.
SSH keys present a plethora of problems, and the majority of engineers have not received proper security training on the best practices. How can your organization circumvent the problems of SSH keys? Read here to find out!
One of the most common questions when going passwordless is how to support legacy systems. While Microsoft supports FIDO2 on-premises, the best solution is to use smart cards for legacy systems and FIDO2 for modern authentication.
Passwords have become an integral part of our daily lives, but have you ever stopped to think about the actual cost of using them as your primary means of authentication? I’m talking about in terms of both time & money. Well, here at Keytos, we certainly have! Read here as we delve deeper into the hidden costs associated with conventional password-based authentication.
2FA (Two-Factor Authentication) and MFA (Multi-Factor Authentication) are two of the most popular and mainstream acronyms in the realm of cybersecurity. What do they mean? Which is best for your organization? Click here to find out all you need to know about 2FA vs MFA!
Stop phishing attacks with Microsoft's unphishable credentials by using PIV X.509 certificates in Azure with Azure certificate-based authentication (CBA) and become a fully passwordless organization.
We’re exceptionally thankful for all that passwords have done for us; but, as things progress, we're discovering a glaring issue - passwords, as we know them, are rapidly becoming an outdated and unreliable method of authentication. Here are some of the most common shortfalls...
Going passwordless in Linux has never been easy - we get it. As a matter of fact, the history of passwordless authentication in Linux is equally as fascinating as it is triggering. Let's take a deep dive, shall we?
If you’re a Microsoft Active Directory expert, your first instinct for managing access to your Linux endpoint(s) is probably to domain join your Linux VMs to Active Directory. The TL;DR here is that this is an awful idea. You’re going to run into issues with DNS, privileged agents, a lack of MFA, and a generally less secure and less pleasant user experience.
When looking at passwordless options, you might have heard of PIVKey smart cards. PIVKey is a great option for passwordless authentication with a smart card; however, it is not the easiest to onboard. This is why we created this guide to help you onboard PIVKey smart cards to Azure CBA and AD Smart Card Authentication.
In cybersecurity, you are only as secure as your weakest point. Therefore, if you implement Azure passwordless and use TAP to onboard, attackers will target your TAP issuing process to gain access to your infrastructure. Learn how to remove the human from this process and use self-onboarding to passwordless authentication.
When looking at passwordless options, the first option that comes to mind is YubiKeys. While they are awesome once you issue them, they are not the easiest to onboard. This is why we created this guide to help you onboard YubiKeys to Azure CBA and FIDO2.
Passwords alone are no longer considered secure, and organizations worldwide are moving towards passwordless authentication methods. One such method is using hardware tokens like YubiKeys and the FIDO2 protocol. But how can you enable these methods for Microsoft Office 365 apps on macOS or iOS? Read this blog to learn how!
Going passwordless is not only exponentially more secure, it has also been shown to improve productivity and reduce wasted time. This page is the perfect starting point to learn more about which passwordless method is best for you.
The number of phishing attacks has risen sharply over the years. For small businesses, relying solely on employee awareness and email filters isn't enough. The answer? Unphishable credentials. Read on to find out how unphishable credentials can help secure your small business.
The only way to stop attackers from phishing your passwords is to remove them completely. Learn how to go fully passwordless in Azure AD (Entra ID). From setting up FIDO2 and Azure CBA to creating passwordless users in Azure AD, we cover it all.
Traditional password-based authentication methods are no longer sufficient to protect sensitive company data and infrastructure. To address these concerns, Azure Active Directory (Azure AD) offers passwordless authentication to enhance protection and improve the user experience. Read on to learn more about Azure CBA and how to get started!
When looking at passwordless authentication, the two most popular options are FIDO2 and smart card authentication, but what is the difference between the two? Which one should you use? In this blog we discuss the difference between FIDO2 and smart card authentication and which one is best for each scenario.
With phishing attacks on the rise, organizations are moving to phishing-resistant (unphishable) credentials to protect themselves. However, extra security is not the only benefit; they are also saving money.
As more organizations move to cloud-based solutions, the importance of secure and compliant authentication methods has become increasingly critical. While passwordless authentication methods are the pinnacle of security, they have a reputation of being incredibly tedious to set up. Learn how EZCMS can help you improve security while removing onboarding friction with FIDO2, Azure CBA, and Passwordless Phone Authentication.
SSH has become the weakest point in cloud security, and hackers have noticed. Over the past few years we have seen an exponential increase in cyberattacks targeting SSH. Organizations adopting a zero-trust architecture must take a hard look at their existing identity management for SSH.
While domain joining your Linux machines to Active Directory might sound like a good way to do identity and access management for Linux at scale, Linux was not designed for this, and in the long term it will cause more issues than it solves. The solution: SSH certificates!
SSH keys were designed for a time when SSH was protected by a strong network barrier. In today's zero-trust world, a stronger passwordless identity story is needed. This is why we created the first agentless AAD-based authentication for Linux endpoints.
At cloud scale, simple tasks such as SSH key management become exponentially harder to do. Large companies such as Lyft and Facebook have moved on to SSH certificates; it's time for you to make the jump too!
SSH has become a target in the latest round of security breaches. Learn how SSH certificates are the best way to protect your infrastructure by removing the need to lifecycle SSH keys and improving the user experience.
SSH keys have been the security standard for the last few decades. It's time to modernize with a more secure and easier-to-lifecycle solution: SSH certificates.