With our increasing dependence on technology, the need for secure authentication and data protection has become a top priority.
Implementing secure authentication solutions helps businesses verify user identities, while data protection solutions prevent unauthorized access to data through encryption and other security measures. These measures safeguard the privacy of customers, prevent financial loss, and protect the company's reputation.
Today, we sat down with Oleg Naumenko, CEO of Hideez – a leading provider of secure authentication and data protection solutions – to learn more about the importance of secure authentication and data protection in today's face of ever-evolving cyber threats.
How did Hideez originate? What has your journey been like?
Hideez was created after a personal security issue where my email and cloud storage passwords were stolen, and I lost access to my accounts for a certain amount of time. Even my credit card details were stolen, and several unauthorized transactions were made on my card.
This experience led me to look for a better solution that did not involve trusting my passwords to an application or cloud service. Instead, I wanted to keep my passwords and credentials in my hands with full control over them. This is how the idea of the Hideez key, a hardware security key & password manager, was born.
We started as a hardware security key manufacturer and won several startup competitions, including the Mach37 cybersecurity accelerator. After that, we developed our product into the Hideez Authentication Service for corporate clients. Our partnership with the FIDO Alliance led to a product update according to the FIDO2/WebAuthn “passwordless” standard. We are continuously growing, expanding our product line, and developing new technologies to keep our client's data secure.
Can you introduce us to your authentication and authorization solutions? What are their key features?
We have designed a unique combination of hardware and software authentication solutions to ensure smooth logical and physical access. Our flagship product, the Hideez Authentication Service, is a comprehensive passwordless authentication solution that includes physical FIDO2 tokens, a mobile app, and a centralized authentication server that enables passwordless access and convenient identity management. Our solution consists of several components:
Hideez Server is an Identity Provider that enables passwordless single sign-on (SSO) across numerous corporate applications and websites. Hideez Server allows IT administrators to manage authentication tokens, centralize endpoints associated with them, and store digital identity information, such as roles, permissions, and other settings.
Hideez Authenticator mobile app allows employees to unlock their desktop computers and access their accounts using personal smartphones, providing a completely passwordless login experience throughout the workday.
Hideez Keys are wearable FIDO2 tokens and password vaults that can be used with both FIDO-supported websites and legacy services that don't support passwordless authentication. They can automatically fill in login credentials, generate one-time passwords (OTP), lock and unlock Windows PCs based on user proximity, and even serve as RFID keycards that open doors in the office.
Such a versatile mix of software and hardware tools provides great adaptability that covers all possible authentication scenarios. They can be used in combination or individually, depending on the needs of the organization.
What are the most common methods threat actors use to bypass various identity authentication measures?
Threat actors use a variety of methods to bypass identity authentication measures, but phishing and ransomware are among the most common. Phishing is a form of social engineering where attackers send fake emails or messages to users, trying to trick them into revealing their login credentials. In many cases, phishing emails appear to come from a trusted source, such as a bank or a popular online service.
Ransomware, on the other hand, is a type of malware that encrypts the victim's files and demands a ransom in exchange for the decryption key. Ransomware can also steal login credentials, passwords, and other sensitive information, giving attackers access to the victim's accounts and systems.
While adding a second factor to your accounts can improve the security of authentication measures, it is not a foolproof solution. Threat actors have been known to use social engineering tactics to trick users into revealing their one-time passwords and security codes, such as by posing as a customer service representative or sending a fake password reset request.
How did the recent global events affect your field of work? Were there any new challenges you had to adapt to?
The COVID-19 pandemic has dramatically changed the way we work and interact with technology. Remote work has become more prevalent, and the number of devices and applications used for work has increased significantly. This has created new challenges for cybersecurity, as remote workers are often more vulnerable to attacks and threats.
Hideez had to adapt quickly to provide secure authentication solutions that work seamlessly across a variety of devices and platforms. We have developed a cloud service that is not tied to a login device, offering a combination of different authentication methods that can be adapted to different authentication scenarios.
We also designed a universal mobile application that makes it easy for users to authenticate securely from anywhere and makes our solution even more user-friendly and cost-effective.
What are some of the most common mistakes companies make when it comes to identity management?
The most significant mistake is to have multiple services and use a complex set of different authentication solutions. This leads to inconvenience for users, as well as large expenditures of time and resources for maintaining and managing such an authentication system. To avoid this mistake, companies should opt for unified and streamlined authentication solutions that can cater to all their needs while ensuring security and ease of use.
Another mistake is not regularly reviewing and updating access privileges for employees. This can result in former employees or contractors still having access to company systems and data, which poses a significant security risk. Companies should have a process in place to regularly review and revoke access privileges when necessary, especially when employees leave the company.
Lastly, over-reliance on passwords is a common mistake that can be seen in many companies, despite the number of risks associated with them. Passwords can be easily compromised through social engineering, brute force attacks, or other methods, making them a weak link in any security system. In addition, employees often choose simple passwords, use the same password across multiple services, and do not regularly update their passwords.
Besides quality Identity & Access Management solutions, what other cybersecurity measures do you think every company should implement nowadays?
Authentication is like the central door in any corporate system that needs to be secured first, but it's just one piece of the cybersecurity puzzle. In my opinion, every company should implement security measures such as a Security Operation Center (SOC) system, which can monitor the state of the system as a whole and analyze risk indicators. A SOC can help detect and respond to security incidents before they cause damage.
Other important cybersecurity measures include regular security training for employees, encryption, and network segmentation. Companies should also have a comprehensive incident response plan that outlines the steps to take in the event of a security breach or cyberattack.
As for personal use, what security measures can average individuals take to protect their identity?
It's important for individuals to recognize that their personal accounts may be the first target for hackers attempting to breach their company's corporate system. Practicing good security hygiene and implementing strong authentication policies can be both secure and convenient, especially when using passwordless authentication methods such as the FIDO2/WebAuthn standard, also known as Passkeys technology.
The simplest step towards improving personal security is to enable a second-factor authentication method based on the FIDO U2F standard. This ensures that even if a password is compromised, the attacker would still need physical access to the user's security key or device to gain access to the account.
What identity-based threats do you find the most concerning at the moment?
According to recent studies, over 80% of data breaches occur due to weak or stolen passwords, so my advice would be to avoid using passwords whenever possible.
By utilizing hardware keys, mobile authenticators, platform authentication, or passkey technology based on embedded biometrics, FIDO-based passwordless authentication offers a secure and easy-to-use alternative to traditional passwords.
Furthermore, modern passwordless authentication tools can be easily integrated into existing systems and workflows, making them a practical solution for both individuals and organizations of all sizes.
Would you like to share what’s next for Hideez?
We understand that the need for secure authentication is constantly increasing, especially in today's world where the number of apps and services we use is on the rise. Hideez is committed to delivering innovative and reliable solutions that provide both security and convenience to our customers.
Our experience in developing solutions for the military has allowed us to gain valuable insights into the specific requirements and features essential for secure authentication. With this knowledge, we are proud to announce the upcoming release of our military security key with a biometric sensor, the Hideez Key 5.
This product has been specifically designed to meet the needs of the military and will be equipped with the latest biometric sensor technology, ensuring the highest level of security. Our team has worked tirelessly to provide the best possible user experience. We believe that the Hideez Key 5 will be a game-changer in the industry, and we are excited to bring it to market in the near future.