Doing the Security Two-Step: Why Authentication Should be Built into Hardware

To be truly effective, multifactor authentication (MFA) methods need to be grounded in hardware, not reliant on software alone.

You know by now that password-only authentication is no match for today’s sophisticated cybercriminals. Passwords are being acquired by hackers at record rates, usually by Trojan-horse-style traps, which have increased by 55 percent in recent years1.

And stolen credentials are a pervasive and costly problem for today’s enterprises—they accounted for 81 percent of all data breaches last year2, and it’s predicted that $6 trillion in cybercrime damages will be incurred by 20213.

“We're giving the user the convenience of a soft token with the security and hardening of a hardware token.”

—Yasser Rasheed, Director of Business Client Security, Intel

It’s predicted that $6 trillion in cybercrime damages will be incurred by 2021.

Hardened security that doesn’t hinder productivity
Not only is it impossible for employees to forget the unique ridges of their fingerprints or distinguishable facial peaks, but biometric-based factors are also harder for hackers to impersonate. Bluetooth phone proximity or new devices themselves can also confirm an identity based on logical location when Intel® Active Management Technology (Intel® AMT) is activated with the Intel® Authenticate Solution.

With new devices, authentication can now verify the fingerprints and facial features that make every employee unique, and the physical devices that have become an extension of them. Using these types of passive, personalized factors keeps the authentication process easy for users, allowing them to log in quickly and having little to no effect on their productivity.

“Combining one interactive, active factor with one or more of the passive factors makes it super convenient for the user,” said Rasheed. “It’s actually a lot more convenient than using a password.”

Preparing for new standards
Security compliance standards are becoming ever more stringent. New requirements like those in the General Data Protection Regulation (GDPR) are compelling organizations to continue to improve their security posture and be prepared for audits. Deploying hardware-based security technology like the Intel® Authenticate Solution data encryption will help organizations prepare for these new rules, increasing their ability to meet compliance deadlines while diminishing the likelihood of financial penalties.

Putting security into the silicon
Grounding authentication into the silicon of the hardware itself renders most Trojan-horse attacks ineffective, as stealing a user’s password or breaking through the security software won’t be enough for a hacker to enter the system. Comprehensive authentication needs to be anchored in processing—farther from sight, further from reach—below the software layer, where code is too easily manipulated. This process includes securing in hardware the moment when the user is authenticated and granted access to network services and data. While no security setup is wholly foolproof, adding MFA hardware layers such as those provided with the Intel® Authenticate Solution makes intrusions far less likely to succeed.

“The beauty of multifactor done in the hardware is that you have the best of both worlds: convenience for users and flexibility and control for IT,” said Rasheed.

Strengthen Endpoint Security with Hardware-Enhanced Protection

You’ve read the headlines. It’s time to modernize your endpoint security strategy and software alone is not enough. Strengthen identity and access management with security built into 8th Gen Intel® Core™ vPro™ processor-based devices.

Return to Endpoint Security