Humans are the weakest link in the cybersecurity chain. Where have you heard that before? Humans can be hacked! That too? Yes, I am also one of those weak links in the constant battle against malicious cyber criminals and it can be attributed to just being lazy. It’s human nature and we can easily be socially engineered into giving up our precious online user credentials to the bad guys. Without thinking, I’ll tap on a link within my email or text message because I think I recognize the sender, and then realize too late that I have just been phished. Then panic ensues and I start changing my passwords on every online bank, retail, and work account, all in a frenzy. Did I write passwords (as in plural) in the previous line and not the same password that I use amongst all my accounts? Another stupid human weak link move!

Then when it’s time to change my password for my work account, I try to use something that is easy for me to remember. Inevitably, I initially try using a weak password that can be easily guessed not only by me, but brute forced by bad guys! Fortunately, my company has policies in place that don’t allow me to reuse the same password from before, and once I have come up with a strong new password somehow the very first time I am asked to use it to log back into my work account I’ve already forgotten it because I neglected to write it down (because that is what our company InfoSec training tells us not to do). Then you try to reset the password you just created the day before yesterday! It’s a vicious cycle.

How do we save us from ourselves? Enter FIDO2 security keys to kill off the password! In the case of Ivanti’s Zero Sign-On, your company can implement a FIDO2 solution by using your managed iOS or Android mobile device as a replacement for the security key. It’s called device-as-identity. You already carry your mobile phone with you in the Everywhere Workplace and you can use it to unlock your Windows or Mac company-owned laptop, and it seamlessly grants you access into your work accounts in a single sign-on (SSO) workflow. No carrying your security keys everywhere that can get lost or misplaced. How cool is that?

FIDO2 is the most secure passwordless identity authenticator option out there today, especially if it is used in a multi-factor authentication (MFA) system to securely access your digital work resources and services. FIDO2 leverages the stronger inherence factors with biometrics, and using your mobile device adds the possession factor. On newer mobile devices you can use Apple Face ID, Android Face Unlock or Iris scan biometrics to access not only your mobile device’s home screen, but also the MobileIron Go authenticator app, where you must tap a push notification or scan a quick response (QR) code to grant access to these same resources. There is your MFA system right there.

You want to know a little about the technology behind FIDO2 and why it is the most secure option out there? The most notable point is that a password or PIN is no longer required, which adds more security. The cryptographic (public key) credentials used to log in to websites and online services across the internet are unique. This ensures your online privacy and adds confidentiality to your session. Your personal information remains on your mobile device and is never transmitted over the internet or stored on a server. This immediately eliminates the threat of phishing and credential theft right off the bat. The built-in biometric scanner on your mobile device, which uses either your fingerprint or face to validate your identity, is very convenient. FIDO2 can also scale within your enterprise as your company grows by eliminating passwords and implementing one of the mature solutions in the cybersecurity hygiene best practices checklist.
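To make the public-key point above concrete, here is a simplified WebAuthn-style login check in Node.js. It is an added example, not Ivanti's or the FIDO Alliance's code: the host names and function names are hypothetical, and the real CBOR encoding, flags and signature counter are left out.

```javascript
const crypto = require("node:crypto");
const sha256 = (d) => crypto.createHash("sha256").update(d).digest();
// Authenticator (the phone): one key pair per relying-party (RP) ID.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey); // private key never leaves the device
    return publicKey;                // only the public key goes to the server
  }
  // `origin` is supplied by the browser from the page actually loaded.
  sign(rpId, origin, challenge) {
    const key = this.keys.get(rpId);
    if (!key) return null;           // no credential scoped to this RP ID
    const clientData = Buffer.from(JSON.stringify(
      { type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
    const authData = sha256(rpId);   // simplified: real authData adds flags and a counter
    const signature = crypto.sign("sha256", Buffer.concat([authData, sha256(clientData)]), key);
    return { clientData, authData, signature };
  }
}

// Relying party: check type, challenge, origin and RP ID hash, then the signature.
function verifyAssertion(a, { publicKey, rpId, origin, challenge }) {
  if (!a) return "no-credential";
  const c = JSON.parse(a.clientData.toString("utf8"));
  if (c.type !== "webauthn.get") return "bad-type";
  if (c.challenge !== challenge.toString("base64url")) return "bad-challenge";
  if (c.origin !== origin) return "bad-origin";
  if (!a.authData.equals(sha256(rpId))) return "bad-rp-id";
  const signed = Buffer.concat([a.authData, sha256(a.clientData)]);
  return crypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad-signature";
}

// Constructed scenario; every host name below is a placeholder.
function runDemo() {
  const phone = new Authenticator();
  const rp = { rpId: "sso.example.test", origin: "https://sso.example.test" };
  rp.publicKey = phone.register(rp.rpId);
  const [c1, c2] = [crypto.randomBytes(32), crypto.randomBytes(32)];
  const login = (rpId, origin, expected) =>
    verifyAssertion(phone.sign(rpId, origin, c1), { ...rp, challenge: expected });
  return {
    genuine: login(rp.rpId, rp.origin, c1),
    lookalikeOrigin: login(rp.rpId, "https://sso.example-test.invalid", c1),
    staleChallenge: login(rp.rpId, rp.origin, c2),
    unknownSite: login("sso.example-test.invalid", "https://sso.example-test.invalid", c1),
  };
}
```

The server stores only a public key, and a response produced on a look-alike origin or for an old challenge fails before the signature is even checked.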

FIDO2 is part of Zero Sign-On (ZSO) and included in Ivanti’s Secure product portfolio, which also includes Mobile Threat Defense (MTD), providing multiple layers of phishing, device, network and app level protection. Ivanti Neurons for Zero-Trust Access (nZTA) adds the next-generation software-defined perimeter (SDP) secure remote access solution as a replacement for VPN, and Neurons for Patch Intelligence now adds the RiskSense risk-based vulnerability management process to the security patching solution. All of these, together with the rest of Ivanti’s product portfolio, which also includes Ivanti’s Unified Endpoint Management (UEM) for Mobile, add to a company’s Zero Trust security maturity model.

With credential theft and the sophisticated Pegasus spyware out in the wild, it’s no wonder that exploits like ransomware are growing by leaps and bounds. The more security impediments that your company places in front of the malicious cybercriminals, aka the bad guys, the greater chance that they will give up and seek out other targets which lack any controls whatsoever. I call that a winning formula. Learn more in my video below!

James Saturnio - Zero Sign-On FIDO2