In a world where organizations are constantly at risk of losing their valuable data to clever pretenders, user authentication is vital. Many organizations with multi-factor authentication systems retain regular passwords as one authentication factor on top of another like a one-time password.
Such systems, with passwords patched with other “possession” factors, involve running costs that mount over time. Further, they can be circumvented by phishing to steal these credentials, increasing the org’s vulnerability to bad actors. For instance, in 2020, over 80% of breaches (hacking) involved the use of lost or stolen credentials.
To minimize their risk and protect themselves, organizations need more secure user authentication methods. They need multi-factor authentication (MFA) solutions. However, not all authentication solutions prevent breaches. This is why we have created a threat model to help you evaluate your current authentication solution. It takes only a few minutes to complete and at the end it will send you a detailed report of areas of weakness and how to mitigate these weaknesses.
The threat model was created in collaboration with the National Cyber Security Center (NCSC) in the UK. The threat model is created based on the Center for Internet Security (CIS) Risk Assessment Method that conforms to and extends established risk assessment standards, such as ISO/IEC 27005, NIST SP 800-30, and RISK IT.