iVerify tackles the risks posed by password connections
MENTIS Software (www.MENTISoftware.com), the leader in enterprise security and compliance, today announces its latest product, iVerify™. Building on expertise in application and database security, MENTIS adds two-factor authentication to its market-leading suite. iVerify™ is formally launched today at OHUG’s Global Conference in Orlando.
Passwords: the weakest link.
A compromised password is the easiest way into a system. Recent news includes a billion accounts hacked, and in May more than 560 million stolen passwords were discovered in an online database. These are just the tip of the iceberg, and passwords are by far the weakest link in cybersecurity today.
“Passwords are old logic, security that was created long before everything was connected and accessible from the outside,” said Rajesh Parthasarathy, MENTIS’ Founder and CEO. “It’s time for a new approach, and two-factor authentication is the immediate action organizations should take.”
Until the launch of iVerify, two-factor authentication had been mostly for networks. “But the easiest entry point today is through applications and databases,” continued Parthasarathy. “iVerify deals with that by bringing two-factor authentication to applications, and we have gone further by adding 2FA for databases – something no other solution offers.”
Weak administrative credentials have been the culprit in up to 80% of security incidents. One in five people use “12345” as their password, while more than 50% use one of the top 25 most common passwords.
Many applications are installed with default usernames and passwords. Most often, the default password does not trigger a requirement to change, but grants full access rights. Default passwords like “welcome” are known or easy to guess. Two-factor authentication remediates this risk, although MENTIS recommends that customers ALWAYS change the default as a matter of protocol.
Additionally, many systems share administrative username and password combinations. Once inside, attackers can quickly map drives, identify additional targets, and acquire credentials. With administrative access comes not only access to data but lockout of authorized users and theft of or changes to data. An attack using administrative access can quickly compromise an entire network.
“Breach after breach demonstrates that passwords are the path of least resistance into a system. And with many users sharing the same password across a number of log-ins, even a requirement to change passwords regularly is no longer effective,” Parthasarathy said. “iVerify creates a second passcode that the DBA or Developer needs for access, and it expires immediately – thus preventing the sharing of passwords between employees.”
What is two-factor authentication?
Two-factor authentication, colloquially known as 2FA, is a security process in which the user provides two types of credentials to verify their identity. It is considered the best practice for remediating the security weakness of passwords as single-factor authentication.
With 2FA, the user is required to provide two of the following three types of credentials:
Something the user knows, such as a personal identification number (PIN) or password;
Something the user has access to, such as a device to generate a verification code or answer a security question;
Something the user is, such as a biometric like a fingerprint or retina scan.
For example, with 2FA a bank sends a one-time code to an individual’s email address. This code, in addition to the correct password, authenticates the user and allows transactions to continue.
iVerify brings two-factor authentication to enterprise database and application connections.
MENTIS takes two-factor authentication to the next level. Not only does MENTIS offer 2FA for applications and databases, the only solution to secure both of these critical entry points, but MENTIS also circumvents the risky SMS and email recovery paths. Recognizing that both SMS and email may be compromised, MENTIS instead provides an independent mechanism, one that can be hosted either on-premise or in the cloud, which will generate a one-time credential to authenticate the user. The credential expires immediately if not used.
“iVerify not only adds that critical second layer of security to the connection, but was designed to be quick and easy to use,” commented Parthasarathy. “Within seconds, the user will be authenticated and able to proceed with the task at hand. With our comprehensive platform of discovery, masking, monitoring, and data retirement, our customers have an end-to-end solution, and one with an architecture designed to evolve to meet today’s security challenges. iVerify also continues our tradition of thinking in terms of risk – avoiding SMS and email in this case – when we design a solution. And we never take the “tick the box” approach – we are thorough. Two-factor authentication for applications may tick the box for 2FA, but for MENTIS, that is not good enough – so we built 2FA for databases as well.”