Fixing Broken Authentication using Adaptive MFA

Fixing Broken Authentication using Adaptive MFA: A Potentially Devastating Application Vulnerability to Watch Out for.

https://bit.ly/3oNwop9

Presentation Transcript


  1. Fixing Broken Authentication using Adaptive MFA

     Authentication is the process of checking that a user's stated identity corresponds to their true identity. Broken authentication security risks arise when this mechanism is implemented incorrectly, which results in vulnerabilities.

  2. Topics We Will Cover

     01. What is broken authentication?
     02. Identity Attacks Commonly used to Exploit Broken Authentication
     03. Possible Countermeasures to Fail-Safe Authentication
     04. Resolving broken authentication using LoginRadius’ adaptive MFA

     Let’s dive in!

  3. What is broken authentication?

     Broken authentication refers to vulnerabilities in two areas of authentication: session management and credential management. Both are known as broken authentication because attackers may use either hijacked session IDs or stolen login credentials to impersonate a consumer.

  4. Identity Attacks Commonly used to Exploit Broken Authentication

     1. Phishing: Phishing is a type of attack that involves sending messages to random people via a medium. Most attackers try to make their message appear genuine and/or appear to come from a reliable source.
     2. Spear-phishing: Spear-phishing incorporates sophisticated social engineering to create messages that are increasingly personal and relevant to the receiving individual. It is a targeted attempt to steal sensitive information, such as account credentials or financial information, from a specific victim, often for malicious reasons.

  5. Identity Attacks Commonly used to Exploit Broken Authentication (contd.)

     3. Credential stuffing: Credential stuffing is a form of cyberattack in which unauthorised access to user accounts is gained through large-scale automated login requests that use stolen account credentials, which usually consist of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach).
     4. Password spraying: Password spraying is an attack that uses a few widely used passwords to gain access to a large number of accounts (usernames). Traditional brute-force attacks, by contrast, try to guess a password in order to obtain unauthorised access to a single account.

  6. Possible Countermeasures to Fail-Safe Authentication

     • Multi-factor authentication: MFA can strike the ideal balance between increased security and minimal to no compromise in user experience. In a nutshell, MFA requires a user to prove their claim to an account (or identity) using several methods.
     • Secure session management: Do not include a user's session ID in the web app's URL, so that an attacker cannot steal it from there. Session IDs should be securely maintained while the session is active and safely destroyed once the user has requested that the session be terminated. A session can also be closed if there has been no activity for a predetermined period of time, such as one hour.

  7. Resolving broken authentication using LoginRadius’ adaptive MFA

     Before granting access to an account, LoginRadius' Adaptive Multi-Factor Authentication solution considers the following factors:

     • The device you're using: whether it's a smartphone or a tablet, a work device or a personal device.
     • The type of network you're using to access the application: whether it's public or private.
     • The date and time you accessed the application: It doesn't matter whether it's during the day or at night.

  8. Thank You!

     Looking for information about fixing your broken authentication? Go through LoginRadius adaptive MFA guide or contact us.
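
The device, network and time factors listed on slide 7 can be combined into a step-up decision like the one below. This is an added example, not LoginRadius' implementation or code from the presentation; the class names, signal weights, thresholds and sample values are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Hypothetical weights and thresholds, chosen only for illustration.
WEIGHTS = {"new_device": 40, "personal_device": 10,
           "public_network": 20, "unusual_hour": 20}
STEP_UP_AT, BLOCK_AT = 30, 80

@dataclass
class Profile:
    """What is already known about the account (constructed sample state)."""
    known_devices: set = field(default_factory=set)
    usual_hours: range = range(7, 22)  # local hours of past logins

@dataclass
class LoginContext:
    device_id: str     # stable device identifier
    work_device: bool  # managed work device vs. personal device
    network: str       # "private" or "public"
    when: datetime     # local time of the attempt

def risk_signals(profile, ctx):
    """List which of the device, network and time factors look unusual."""
    signals = []
    if ctx.device_id not in profile.known_devices:
        signals.append("new_device")
    if not ctx.work_device:
        signals.append("personal_device")
    if ctx.network != "private":  # unknown values are treated as public
        signals.append("public_network")
    if ctx.when.hour not in profile.usual_hours:
        signals.append("unusual_hour")
    return signals

def decide(profile, ctx):
    """Run after the password check; returns (action, signals)."""
    signals = risk_signals(profile, ctx)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= BLOCK_AT:
        return "block", signals
    if score >= STEP_UP_AT:
        return "require_mfa", signals
    return "allow", signals

if __name__ == "__main__":
    alice = Profile(known_devices={"laptop-1"})
    night = LoginContext("phone-9", False, "public", datetime(2024, 1, 5, 3, 0))
    print(decide(alice, night))
```

Returning the triggering signals alongside the action lets the login service log why a second factor was requested, which helps when tuning the thresholds.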
