What is Mutual Human Authentication?
Cybersecurity Trends
MFA has proven itself to be one of the most impactful cybersecurity innovations in recent decades. But it's still not enough.
During routine Penetration Testing, Silent Breach's ethical hackers continue to discover novel ways to circumvent digital defenses, even with MFA enabled. For example, by masquerading as IT personnel, hackers can successfully convince users to hand over not only their credentials, but their MFA codes as well. As software becomes increasingly secure, malicious actors adapt to human-centric
attack vectors. Firms need to broaden their authentication toolkit to stay protected in the years
ahead. One such tool is "Mutual Human Authentication", pioneered by SharePass, a
developer of emerging confidential communication technologies.
What is Mutual Human Authentication?
Until now, multi-factor authentication has relied mainly on an OTP which is usually texted or
emailed to the user (thereby complimenting the standard username and password). While even just this
single step has proven to radically cut down on the success rates of phishing and other social engineering attacks, persistent gaps remain. Furthermore, once an email address has been compromised, any MFA codes sent to that address will be similarly available to the hacker.
This is where Mutual Human Authentication comes in.
Rather than requiring an automated OTP code, MHA requires human permission from a trusted third-party. Now, each time account access is requested, a mutual request is sent to the 'human authenticator' (say, a security veteran within the IT Security Dept) who can review the request and choose to either grant or deny access.
Taking MHA One Step Further
With SharePass, users can convert text based data into a secure encrypted link. This link can then be MHA-protected so that even when shared, it remains under the control of the designated party and requires authentication from both parties, sender and receiver.
MHA has the added benefit of protecting your data from theft and enabling businesses as well
as individuals to own and control their data throughout its entire lifecycle.
The Benefits of Using MHA
By further strengthening and broadening multi-factor authentication, Mutual Human Authentication can also help mitigate known risks related to:
The Dark Web: Leaked credentials often make their way to the Dark Web. With MHA enabled, this data will no longer pose a significant security risk insofar as anyone who purchases the leaked credentials will still have no knowledge of who has been designated as the 'human authenticator', effectively locking them out of the account.
Anti-Phishing: As mentioned above, phishing remains the most popular method for hackers. Simply put, humans have proven to be far easier to manipulate than the secure software that they control. While Security Awareness Training is critical in pushing back against social engineering attacks, short-term solutions like MHA can put the control back into the hands of those who are most skilled at detecting and mitigating social hackers.
The Importance of MFA
Today, 98% of cyber attacks rely on social engineering and 75% of companies have fallen victim to phishing in the last year alone, making it the most common cybercrime in the world. Moreover, Silent Breach ethical hackers hold a 90% success rate at being able to compromise target networks within a single week whenever social engineering is included in the attack scope. Fortunately, multi-factor authentication and Mutual Human Authentication can go a long way in reversing these trends, defending your company, and protecting your most valuable assets: your people.
Similar Reads:
How the Dark Web Can Protect Your Company
Does Crypto Need a Cybersecurity Refresh?
Securing the Cyber Supply Chain
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.