It’s a wakeup call. The digital threats are looming larger than ever. Our common login systems that were once considered safe are now the Achilles’ heel of our digital defenses.
The vulnerabilities of these traditional approaches are so in the face that they are sending shockwaves throughout the cybersecurity landscape. So much so that the US government published a comprehensive Cyber Safety Review Board (CSRB) report on July 24 to sound an urgent alarm for organizations to abandon password-based voice and SMS-based multi-factor authentication and implement password-free authentication methods.
Why the urgency?
Here’s what happened.
Lapsus$, a hacker group has been infiltrating tech titans such as Microsoft, Samsung, Nvidia, and Okta since 2022. But that’s not all. The Lapsus$ saga reads like a thriller–a group of seemingly teenage hackers use audacious tactics to overwhelm key employees with relentless authentication requests, even in the dead of night, until they receive a begrudging "yes." They even masquerade as helpdesk personnel, manipulating targets into approving these multi-factor authentication (MFA) prompts.
But it doesn’t stop there. Lapsus$ resorts to fraudulent SIM swaps, impersonating mobile users to redirect calls and messages to their own devices, allowing them to intercept MFA-related communications, further compromising security.
So, what actually is the weak link here? The password-based digital identity, of course.
What does the CSRB report say?
The CSRB report acknowledges that while MFA has evolved over the last decade, it has not kept pace with the sophistication of contemporary threats. The status quo, which relies heavily on text-based authentication methods (read password-based), is no longer sufficient for organizations and consumers facing the onslaught of attacks from groups like Lapsus$.
So, what’s the solution? The report advocates a paradigm shift toward secure-by-default, passwordless solutions.
For MFA to be effective in countering the cyber-attacks, they need to be phishing-resistant. What we need right now is a digital ecosystem that’s cryptographic, tamperproof, and participative in the authentication process with the ability to perform a mutual authentication before it can trigger the MFA. Now that holds the key to a more resilient and secure digital future.
Fortytwo Labs has been working with enterprises to transform their password-dependent environment into password-free, and quantum-safe digital trust ecosystem.
Fortytwo Labs’s I-AM: A Password-free Phishing Resistant MFA
The patented I-AM technology has been delivering password free cryptographic digital identity, mutual authentication with MFA and secure access from a single platform.
It has a 3-stage approach to achieve a passwordfree digital trust ecosystem that is beyond authentication and more.
Stage 1: Enable a password free cryptographic digital identity to each participating entity.
Stage 2: Enable quantum safe mutual authentication and top it up with the phishing resistant I-AM MFA password-free stack
Stage 3: Enable VPNless zero trust secure remote access with I-AM’s ACCESS42 technology
I-AM’s cryptographic passwordfree digital identity fulfils the vision of a secure and passwordless future. Here the digital identity is private, unportable and non-understandable to a human; the complex cryptographic key is dynamic and keeps changing every time for each session.
This makes I-AM ID self-sustainable to execute an authentication that’s phishing-resistant and that’s the solution right there.
Contact Fortytwo Labs to learn more about I-AM technology and how it can overhaul your entire authentication system to make it phishing-resistant to hacker groups like Lapsus$.