Passwordless Authentication Solutions and what works best for Enterprises


John Hertrich


“Enterprises must implement the integration of SSO with a passwordless frontend that incorporates a full three-factor authentication. It is the correct combination of secure protocols,” says John Hertrich, President and CEO of Identité in an exclusive interview with ITSecurityWire.



ITSWBureau: Covid-19 has seen a significant increase in cyber-attacks. What role will passwordless authentication play in the post-covid-19 world?

John Hertrich: We have seen a significant increase in the number of cyber-attacks with the onset of a remote workforce since the Covid-19 outbreak. The FBI just reported that there has been a 400% increase in cyber-attacks being reported since the pandemic started and Interpol is also seeing “an alarming rate of cyber-attacks aimed at major corporations, governments, and critical infrastructure.”

The attacks are becoming more deliberate at gaining access to enterprise networks. Attackers are using a host of resources and social engineering to secure account passwords and using corporate email addresses to trick employees into giving up their cellular numbers.

All of which is used to bypass a completely inadequate SMS-based 2-factor authentication process. Unfortunately, the onslaught of attacks will not end with the release of a Covid-19 vaccine.

Since the cornerstone of these attacks is based on the use of passwords, corporations must adopt simple and secure passwordless authentication to effectively protect their networks from intrusion, now and going forward.


ITSWBureau: In the remaining half of 2020, what will be the emerging trends in passwordless authentication solutions?

John Hertrich: A key trend emerging during 2020 is the adoption of passwordless Full-Duplex Authentication, which delivers a highly secure authentication sequence. This provides an authentication process that is simple enough for diverse users and is secure enough to stop impersonation and replay attacks.

The process of Full-Duplex Authentication requires the validation of not only the user, but also the connecting service provider. This is critical due to the proliferation of phishing attacks that have escalated in 2020.

ITSWBureau: What other apps do you feel, when integrated with passwordless authentication, will ensure higher cybersecurity of the enterprise?

John Hertrich: The deployment of SSO is certainly ideal since this represents the biggest risk to the enterprise. SSO tools reduce the number of passwords to one, but this is still one password too many. Corporations that have implemented SMS OTP as a second factor have added more complexity and created a false sense of security as this approach is easily compromised.


Enterprises must implement the integration of SSO with a passwordless frontend that incorporates a full three-factor authentication. It is the correct combination of secure protocols. In order to secure the enterprise, the CIOs and CISOs should ensure that enterprise users have, at minimum, three components:

1) Something they know, such as their user login and not their traditional password,

2) Something they have, such as a mobile device containing their private key, and

3) Something they are, such as a user biometric.

These are essential to securing an enterprise’s most vulnerable online assets.

ITSWBureau: What do you think about the collaboration between CISO and CDO to create passwordless authentication solutions?

John Hertrich: The collaboration between the CISO and CDO is critical to protecting brand integrity. Data breaches, especially those involving stolen credentials, are a detriment to the integrity of a brand.

Twitter saw $1.3 billion in market value vaporize as a result of the July 2020 hacking of a few dozen high profile accounts. Regardless of this being an insider job, simple precautions could have prevented the penetration of such hackers.

The cost of a data breach doesn’t stop with a corporation’s share price. Since the disclosure of the Equifax data breach of 2017, which compromised the sensitive personal information of 148 million US consumers, the cost has escalated to over $1.7 billion. Beyond the easily measurable dollar cost is the casualty of the consumers.


For example, 83% of consumers in the US claim they will stop spending at a business for several months immediately after a security breach and 21% stated they would never return to that business.

John Hertrich is President and Chief Executive Officer of Identité, a security company focused on making authentication simple, secure, and passwordless. In addition to Identité, he has established multiple companies, including Professional Software Associates (PSA), Inc., which delivers professional services globally through offices in the United States and Europe. He was a founder of Zinc Software Services, Inc., which was acquired by Wind River Systems (NASDAQ-WIND) in 1997. Mr. Hertrich has a degree in Mechanical Engineering from Michigan Technological University.