Global enterprise security budgets are over $100B per year, yet the number of breaches continues climbing. With hybrid working here to stay, workers need to access systems and data from anywhere. But compromised credentials are responsible for the majority of breaches – at an average breach cost of $4.37 million.
For the future of work, how do you prevent data breaches? The obvious answer is strong authentication: ideally passwordless, Zero Trust multi-factor authentication (MFA), rolled out to all of your employees.
Hardware tokens are a robust solution, but it’s not realistic to deploy them to every employee. Many IAM leaders compromise by sticking to more cost-effective legacy methods, even though authenticator apps and codes sent via email or SMS are vulnerable to phishing and man-in-the-middle (MITM) attacks.
Now there’s an alternative that provides hardware-grade security for the whole organisation – without the need for additional hardware. SIM authentication from tru.ID is the newest innovation in MFA, and it uses the strongest piece of hardware employees already own: their mobile phone. Here’s how...
MFA is usually added as a countermeasure to password-based access.
Of the stronger passwordless MFA methods, FIDO tokens come as keys, dongles, and handheld readers that generate time-limited passcodes. Users generally dislike the cumbersome experience but have to comply with it. IAM teams don’t have it easy either: they absorb the cost and complexity of supporting a rather fiddly security choice.
As a result, hardware tokens tend to be issued only to individuals identified as high-risk, leaving most of the workforce vulnerable.
Any security solution to be deployed universally must meet a tough set of requirements:
Hardware MFA may be highly secure, but it fails on the other criteria:
Thankfully, there’s an innovative MFA alternative – using the SIM card in employees’ mobile phones to get strong, hardware-grade security without any extra hardware.
In an IAM context, the SIM card acts as a secure possession factor, but with a unique advantage. Every employee already has one at all times: it’s in their mobile phone, and they’re very motivated to keep it safe.
SIM authentication is how mobile networks verify their 5 billion subscribers every time they make a call or use data, and how they bill them correctly. No extra credentials are needed to ‘log in’ to a mobile network: authentication happens automatically in the background between the SIM card and the operator, so it is seamless to the user.
Now, with tru.ID, network authentication is being made available to businesses, offering compelling benefits for IAM:
Inside the SIM card is the same cryptographically secure, tamper-resistant authorisation technology that is inside every bank card. When deployed in a mobile phone, it has a unique identifier, the International Mobile Subscriber Identity (IMSI). The SIM also stores a 128-bit secret key (Ki) and an algorithm which, together with the IMSI, provide cryptographically secure authentication.
SIM authentication uses a secure, encrypted connection from the mobile device to the mobile network operator, which verifies that the SIM’s response matches the one expected for that subscriber. Because the user never types a code or password, there is nothing for a malicious actor to phish or intercept. tru.ID can also check that the SIM card has not recently been associated with a new account, which protects against SIM swap fraud.
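The two checks described above (the SIM proving possession of Ki to the operator, and the SIM-change recency check) follow a challenge-response pattern. The model below is an added illustration written for this page; it is not tru.ID’s code, not tru.ID’s API, and not a mobile network’s real algorithm. It assumes HMAC-SHA256 as a stand-in for the operator’s SIM algorithm, a 7-day “SIM must not have changed recently” policy, and constructed IMSIs on the 001/01 test network; the `Operator`, `SubscriberRecord` and `authenticate` names are hypothetical.

```python
"""Constructed model of SIM challenge-response authentication plus a
SIM-swap recency check. Added illustration only: HMAC-SHA256 stands in
for the operator's real SIM algorithm (assumption), and the policy
threshold and subscriber data are constructed for the example."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

MIN_SIM_AGE_SECONDS = 7 * 24 * 3600  # assumed policy: SIM bound to account > 7 days ago


@dataclass
class SubscriberRecord:
    """Operator-side copy of what the SIM holds, keyed by IMSI."""
    ki: bytes                 # 128-bit (16-byte) shared secret, never sent over the air
    sim_last_changed: int     # epoch seconds when this SIM was bound to the account


def sim_compute_response(ki: bytes, rand: bytes) -> bytes:
    """Runs inside the SIM: Ki stays on the card, only the response leaves it.
    HMAC-SHA256 truncated to 8 bytes is a stand-in (assumption) for the real algorithm."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:8]


@dataclass
class Operator:
    subscribers: dict                          # imsi -> SubscriberRecord
    pending: dict = field(default_factory=dict)  # imsi -> outstanding RAND challenge

    def issue_challenge(self, imsi: str) -> bytes:
        """Fresh random challenge per attempt, so a captured response cannot be replayed."""
        rand = secrets.token_bytes(16)
        self.pending[imsi] = rand
        return rand

    def verify(self, imsi: str, response: bytes) -> bool:
        rec = self.subscribers.get(imsi)
        rand = self.pending.pop(imsi, None)   # one-shot: a replayed response finds no RAND
        if rec is None or rand is None:
            return False
        expected = sim_compute_response(rec.ki, rand)
        return hmac.compare_digest(expected, response)   # constant-time comparison

    def sim_is_stable(self, imsi: str, now: int) -> bool:
        """SIM-swap check: reject if the SIM was bound to the account too recently."""
        rec = self.subscribers[imsi]
        return now - rec.sim_last_changed >= MIN_SIM_AGE_SECONDS


def authenticate(op: Operator, imsi: str, sim_ki: bytes, now: int) -> str:
    """Whole flow as the IAM side sees it: challenge, SIM response, swap check."""
    rand = op.issue_challenge(imsi)
    response = sim_compute_response(sim_ki, rand)   # computed on the phone's SIM
    if not op.verify(imsi, response):
        return "rejected: sim_auth_failed"
    if not op.sim_is_stable(imsi, now):
        return "rejected: recent_sim_change"
    return "ok"


# Constructed sample data: IMSIs on the 001/01 test PLMN, fixed Ki values
NOW = 1_700_000_000
GOOD_KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
RECENT_KI = bytes(range(16, 32))
DEMO_OPERATOR = Operator(subscribers={
    "001010123456789": SubscriberRecord(GOOD_KI, NOW - 30 * 24 * 3600),  # SIM 30 days old
    "001010987654321": SubscriberRecord(RECENT_KI, NOW - 3600),          # SIM swapped 1 hour ago
})

if __name__ == "__main__":
    print(authenticate(DEMO_OPERATOR, "001010123456789", GOOD_KI, NOW))
    print(authenticate(DEMO_OPERATOR, "001010987654321", RECENT_KI, NOW))
```

Two design points carry over to any real deployment: the shared secret is only ever used inside the SIM and on the operator side, so nothing phishable crosses the user’s screen, and each challenge is consumed on first use, so a response observed in transit is worthless afterwards.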
To get started with implementation, tru.ID provides a packaged solution either via API or embedded in an authentication app; the app-based solution can also be enhanced with biometric MFA. Integrating SIM-based authentication into IAM uses either OIDC or a REST API, and it also works with eSIMs.
tru.ID supports all types of mobile apps, with a rich set of tutorials for Android, iOS, React Native, and other platforms. Our online platform is developer-first, with a sandbox for easy testing.
Book your free 30-minute demo now to see it in action.