Say Goodbye to MFA and Say Hello to Passkeys

16 July 2024
The Up-and-Coming Tech That Will Become the New Normal

Phishing remains the most lethal hacking method deployed by cybercriminals to target individuals – because it’s still proving so successful for them (unfortunately for us).

Phishing was responsible for 84% of cases when a business was breached in the UK last year.[1]

To err is human, and each and every one of us is vulnerable to making a mistake – even the experts.

The question is not only how we can reduce the risk of human error, but also what we can do to reduce the damage when a mistake is made.

MFA Alone Can No Longer Protect Your Business in 2024

Multi-Factor Authentication (MFA) was created to bolster the security of the original username-password combination after hackers developed technology to crack most passwords.

MFA security measures include SMS/email one-time passcodes, authenticator apps, and biometric technologies like Touch ID (fingerprints) and Face ID on phones.

MFA should now be a non-negotiable requirement for businesses (and individuals alike). Today, basic MFA is considered a baseline security measure, and businesses that fail to implement it across all their work applications are left exceptionally vulnerable to cyber threats.

Here at Lumina, we will refuse to take on a business as a client if they refuse to implement basic MFA security.

Inevitably, hackers have evolved their methods, and there are now ways for MFA to be breached.

As a strategic IT provider with expertise in cybersecurity measures and risk management, we have recently been banging the drum about how vulnerable using MFA alone has become.

For more detailed information on how MFA can be breached, please see our blog: The New Reality: Why MFA Alone Won’t Protect Your Business in 2024.

Phishing is the most successful hacking tool because it relies on human error, so cybersecurity experts at the big tech companies have been working tirelessly to create tech-based solutions to mitigate this risk.

No matter how a hacker gains access to a company’s resources, they will do so by stealing login credentials and by using their own device to begin their attacks.

So, what if we can prevent credentials from being stolen and block unauthorised devices from accessing company systems?

The great news is that anti-phishing technology does now exist!

There are now multiple new security measures that are being rolled out by the big tech companies, and by IT providers like us as part of our PRISM Business packages.

The main one is passkeys.

What are Passkeys and Why Will They Become the New Normal?

There are approximately 30 billion devices in the world today. Your system needs to know that it really is you, or anyone authorised, that is attempting to access company resources.

Passkeys can now help with this.

Passkeys are a new technology that essentially ties a login to a specific device.

They serve as digital credentials that allow access to websites or applications without the need for traditional username-password combinations, and/or MFA.

When a user chooses to set up a passkey for a website/application, two digital ‘keys’ are created. One is private and one is public, and they are then used to authenticate access.

The public key is stored by the website/app, and the private key is stored on the user’s own device that was used to set the passkey up. The public key contains no sensitive data and is effectively useless without the private key.

When using a passkey to sign in to a website/app, the public key on the site must be matched with the private key on the user’s device. The technology is just checking that the two keys match – no secret authentication information is transmitted during this exchange, so no credentials can be stolen.

When a user logs into a website or an application via a username-password combination, the site compares the entered password to the copy it has stored in its database. The password that is stored by the site/app can easily be stolen if that site is compromised.

Because passkeys cannot be stolen, and because they tie login credentials to a specific device, which stops any old device from logging into the account, they offer a much greater level of security than the username-password combination and MFA.

Essentially, passkeys cannot be stolen via phishing.

 

Just last week (at the time of writing this in July 2024), Google made Passkeys available to all their users, and others will soon follow.

Goodbye MFA! Google Have Rolled Out Advanced Anti-Phishing Security to ALL Users

Cybersecurity Still Needs a Multi-layered Approach

While passkeys offer much higher levels of phishing resistance because they are tied to specific devices, there will still be some vulnerabilities because no security measure is 100% hack-proof.

Just like with the username-password combination and MFA, organised cybercrime groups, with the state-backed financial resources they have behind them, will eventually find ways to overcome passkeys.

There are conversations happening amongst cybersecurity experts about the role AI and deep fakes could play in future identity theft, but right now it is too early to tell what the impact could be.

Additionally, there are discussions about how hackers could still get around passkey logins via the usual ‘adversary-in-the-middle’ (AitM) attack: creating a fake login page with the passkey option deleted, forcing users to select the usual password and MFA login, and stealing the credentials the way they usually do. A way to combat this, however, would be to only use the passkey and/or any other stronger authentication option for logins (see below) and completely eliminate the need for username-passwords and MFA.

For a deeper dive into ‘adversary-in-the-middle’ (AitM) attacks and how they are carried out, please see the blog: The New Reality: Why MFA Alone Won’t Protect Your Business in 2024.

While passkeys are new and offer a much greater level of security to your [business] accounts, it must continue to be stressed that cybersecurity still requires a multi-layered approach and staff security awareness training continues to play an integral role.

As cybersecurity experts, it’s good to be excited about new technologies, but you have to do so while continuing to look over your shoulder. It will always be a cat-and-mouse chase between us and cybercriminals.

Additional Information

Although passkeys are the new up-and-coming technology and continue to be rolled out as a more effective security measure for both business and individual accounts across the web, they are just the start.

There are additional security measures that we are rolling out as part of our PRISM Business packages, to be used in conjunction with passkeys as part of a multi-layered security approach.

Check out our white paper to discover what other new security measures are available in the fight against phishing attacks.
