MFA and the Mobile Workforce (S1:E24)

July 14, 2022

MFA and the Mobile Workforce The latest episodes hands the reins over to Eric Gregg, Director of Sales at Tx Systems Inc., and Louis Modell, VP OEM Channel Americas at Identiv. The two provide valuable education on what multi-factor authentication (MFA) is, why it is more important than ever, and how it can be easily deployed to ensure cybersecurity for today’s growing mobile workforce.

Full Transcript

Speaker 1 (00:01): You're listening to Humans in Tech. Our podcast explores today's most transformative technology and the trends of tomorrow, bringing together the brightest minds, in and outside of our industry. We unpack what's new in physical access, identity verification, cyber security, and IoT ecosystems. We reach beyond the physical world, discuss our digital transformation as a species and dive into the emerging digital experience. Join us on our journey as we discover just how connected the future will be and how we will fit into that picture. Your host is Leigh Dow, VP of global marketing at Identiv. Leigh Dow (00:43): Welcome and thanks for tuning in today. We're doing something a little different. I'm going to take a little break from hosting and hand the reins over to Eric Gregg, director of sales at Tx Systems Inc, and Louis Modell, VP OEM Channel Americas at Identiv. Eric and Lewis are going to take our listeners on a journey through multifactor authentication and how MFA stops hackers in their tracks. Louis Modell (01:06): Thanks Leigh. And Eric, thanks again for joining on the podcast today. I want to start out talking about the post-pandemic era and how it's really changed the landscape of cyber security as we see it. We know the amount of people working remotely has just grown exponentially in the last two years, but along with this growth, there's been this significant increase in the number of cyber security threats throughout all aspects of the organization. And Eric, you know this, to make matters worse, these threats are drastically increasing as these smart criminals are looking to take advantage of the situation. And what have they done? They've escalated their efforts to gain access to sensitive corporate information, personal information, and really anything they can get their hands on. They want it all and they're really stopping at nothing to get it. So, here at Identiv, we know that MFA can eliminate most of these hacks. So, Eric, what are you doing at Tx Systems to help educate organizations on the importance of multifactor authentication? Eric Gregg (02:06): Absolutely. Great question there. So, maybe it'll help to give you a little background on Tx Systems. We've been an Identiv partner, as you know Louis, for over two decades now. And we're one of the few companies, that I know of at least, whose core focus is multifactor authentication. And as a matter of fact, Tx Systems actually helped to develop one of the first windows authentication, MFA authentication solutions back in the days of Windows XP. So yeah, we have a lot of experience there in terms of MFA. And about half of my day-to-day, every single day it's about educating customers on why passwords are not secure, why MFA is recommended for authentication to sensitive data. As you know, as I know, passwords can be lost, they can be stolen, they can be phished all very easily. And that tends to be a big cause of a lot of the data breaches that we're seeing. Also, in addition to that, IT departments will struggle with password resets requests and all of that sort of stuff. So, usually too, what I see, which is pretty funny is whenever a complex password is implemented, which a lot of IT departments are using complex passwords to try and secure against breaches, but what I find is that the more complex the password, the more likely it's actually to be written down within eye shot of the PC. So, MFA, it's just the best way to diversify your risk for log on and replace the faultiness of a password. Louis Modell (03:40): Yeah. Oh absolutely. And Eric, you make some great points. And one of the things I want to do is before we start to look at these technology solutions that you kind of alluded to, we need to really look to see how we're going to help the remote workforce. And I want to quickly address a factor that has sort of plagued or challenged IT leaders if you will, and many of us forget about, and that is the human factor, right? And I think you kind of just alluded to that again, is where we know that the human factor is the primary point of attack for these cyber criminals. I think the number is something like 23 million account holders use a simple password, 123456. And as you mentioned, they write it down and it could be a sticky note right on their monitor. And also I believe that 50% of the people use the same password for both work and personal accounts. And I think we all can agree that this is probably not the best practice. Eric Gregg (04:37): Absolutely. Louis Modell (04:38): Yeah. Yeah. And you mentioned phishing attacks, right? We know this, they're rising globally, that's for sure. And it is absolutely essential for businesses to educate their remote workers on the importance of really extending these best security practices outside of the office. So, Eric, two part question for you here. So, what is Tx Systems doing to help support those remote workers? And then part two of that question is, what kind of tools or hardware do you recommend for employees to use while logging onto company systems, as well as their personal devices? Eric Gregg (05:14): Yeah, absolutely. So, remote authentication has always been something that we've focused on over the years. I would say since February 2020, when COVID hit, it suddenly required all these organizations to adapt and implement work from home policies. And a lot of them actually never planned for a mobile workforce until they were actually forced to kind of pivot there. Yeah. So, we're inundated with MFA requests from organizations and I mean, everybody now has a growing number of people who are working from home. So, we've always had solutions that tie into things like VPN access and RDP sessions. It's pretty simple for us to apply some multifactor authentication hardware, software on top of that, to secure the access there within the remote authentication. Now, one thing I do enjoy about Identiv's hardware is specifically you guys have a lot of different hardware devices that are conducive to either working at a desktop PC within a facility, or being smaller, remote form factors that can be carried around in a laptop bag, or a pocket of some sort. So, we do have a lot of different options for hardware in terms of whether users are authenticating from behind the firewall at the office, or remotely at home through VPN or RDP or Cisco AnyConnect, all that type of stuff. Louis Modell (06:43): Oh yeah, absolutely. And Eric, I mean, you and I, I don't know if the audience knows this, but we go way back, right? We've been working together for a decade plus now. And I think it's safe to say that we know, and I think our audience should know, is that passwords are weak at this point, right? I mean, it's really easy to say that users, they have to start using different methods for logging into systems, again, what you and I would call logical access, right? And then along comes MFA or this multifactor authentication that we're talking about. And we know that there are several methods of MFA available today, ranging from a text message, which we've all gotten that text message that we had to enter into a website that we were trying to access, or one of our accounts that we're trying to access, to an OTP or one time password app on the mobile device. I think there's something like Google authenticator, to, and you kind of just touched upon it, one of the most advanced cryptographic hardware tokens available today, and that's the FIDO token. Let me ask you this, Eric. So, can you provide a little bit more information or a little more background on some of the things you're seeing at Tx Systems, number one. And then of course you being the MFA expert, what is your take on the different methods of MFA that are out there and what would you recommend to our audience today? Eric Gregg (08:07): Absolutely. So, MFA just kind of breaking it down real quick is something you have like a card or a token, something you know, which would be something like a password or pin or something you are like a biometric, a fingerprint authentication, something like that. So, broadly MFA can be any combination of those three different factors. What I see mostly is a hardware device, plus either a password or pin, that tends to be the most common. And as you mentioned, the FIDO token is a great option for that. I'd say lately, FIDO has been my go-to hardware device for specifically remote authentication, because it's about the size of a flash drive. It's really small and form factor. It's ultra secure. It's built on the FIDO standard, which was created back in 2012. I believe it was created by... I'm blanking. PayPal. That's it. Louis Modell (09:03): PayPal. Yes. Eric Gregg (09:04): PayPal and Lenovo and a couple other organizations, but they created the standard and it's evolved since then. Now, we're on Fido2. You can also use Fido as a universal second factor. So, if you're entering your password into a website, let's say, the FIDO token could be your second form of authentication in addition to the password. So yeah, I really like the FIDO key for all use cases concerning MFA, but specifically for those remote users, I think FIDO's a great option. One other Fido plug there is that it does get broadly supported by a lot of different websites, such as Gmail, Salesforce, Facebook, and kind of most of the top tier banking apps. Louis Modell (09:47): Yeah. There are hundreds of them out there, Eric. Absolutely. Eric Gregg (09:48): Right. So in addition to using a FIDO token to authenticate to a Window session or authenticate to a VPN, you can also use it individually, one-on-one with these websites. So, if you don't want your Facebook password stolen, for example, you can log in a Facebook using a FIDO key plus a pin or password, and it just increases security tenfold. Louis Modell (10:10): Right. Yeah. Perfect. I mean, Eric, again just to sum up and I'll go back to I think what we know, passwords are weak, right? Users definitely need to find a better way to authenticate the systems, otherwise they are going to be susceptible to, as you mentioned, these data breaches, account takeovers, loss of data, loss of financial instruments or monies, by way of, let's say, ransomware. We know that that's out there. FIDO can certainly be the key, actually pun intended there. We know this, FIDO is really easy to implement, right? It's small in size. It's powerful in protection. Oh, another thing I wanted to mention too, the FIDO key is given the highest level of assurance, which is level three, which is given out by NIST, which is an acronym that stands for National Institute of Standards and Technologies, which is a physical sciences lab within the department of the US government. And everyone out there listening, it really is easy to start using MFA. And again, Eric, I think we've kind of summed it up here. It's really been a pleasure chatting with you. Thanks again for coming on the podcast, really do appreciate it. And if there's any last minute comments, certainly feel free to chime in. Eric Gregg (11:28): Yeah. No, I do have one last minute comment actually. I was going to mention this earlier, but we're currently seeing an influx of new MFA requests based on some new mandates. You had mentioned NIST as one that's been around for several years, requiring multifactor authentication, specifically NIST 800-171 applies to government contractors, requiring all of them to implement MFA. We're also seeing new mandates based on health insurance. Some organizations are now required to implement multifactor before they can renew their organization's insurance policies. So, we're seeing a lot of new mandates popping up that are driving the need for MFA. And I think as you mentioned so beautifully, passwords are not secure, which is why you're seeing all these different organizations now force MFA down to client. So yeah, I really do appreciate you inviting me on Louis and it's great to talk with you again and anytime I'm happy to come back and talk about something else. Louis Modell (12:35): Very good. Looking forward to catching up. Eric Gregg (12:38): Awesome. Leigh Dow (12:38): Guys, this was great. Before we let you go, Eric, we always ask if there's any additional closing thoughts on our technology-centric, hyperconnected world. Eric Gregg (12:51): Yes. Closing thoughts. The world is getting more connected and we're all a lot more vulnerable now, as things are moving to the cloud. So, as Louis and I have been talking about, passwords are not the way to go anymore. They're just too insecure, too unsecure, what have you. MFA is really kind of the best way currently to secure your network. Leigh Dow (13:15): Excellent. So great to give both of you the keys to the kingdom today. Louis Modell (13:20): Thanks again, Leigh. Leigh Dow (13:21): Thanks again for taking the time. Eric Gregg (13:23): Thank you. Have a great day. Speaker 1 (13:25): Our new IP rated, contactless smart card reader/writer is perfect for clean rooms and industrial facilities. uTrust 3700 IG combines the world class technology of uTrust 3700 F with a unique industrial grade, dustproof, water-resistant enclosure, crafted with polished high-grade plastics and ultrasonic welded seams. It stays clean inside and out. Learn more at Physical security, identity verification, the IoT, the hyperconnectivity of our lives will only grow more pervasive as technology becomes more automated and experiences more augmented. It's up to us to preserve our humanity and use new tools and trends for good. The only question is, "Are we up for the challenge?"