MachCloud is the first provider of its kind to introduce Zero Sign-On Authentication (and why that is a big deal)
Getting rid of passwords is the best way of keeping them out of criminals’ hands. Introducing Zero Sign-On, also known as passwordless authentication, increases security by preventing incidents caused by weak, stolen or leaked passwords. It also reduces administration hassle by automating the login process. This article describes the introduction of Zero Sign-On at MachCloud, and why we believe you should start using passwordless authentication as soon as possible.
We all want to be safer online. Passwords are a weak link in online security. Passwords can be guessed, stolen from the company’s server, leaked from a device or compromised if users share them.
With passwordless technology based on private keys, user keys cannot be guessed or shared between users. Private keys cannot be stolen by hacking into a company’s server or database, and the method is resistant to phishing attempts because each key is unique to a website, so it can’t be used on a fraudulent lookalike site.
Why is it needed?
Today we use multi-factor authentication and password managers that store a new username and password for every login. Unfortunately, this means more hassle and is not sufficient to prevent security breaches. Increasing malware attacks, social engineering scams, and password sharing result in tens of billions of login credentials being exposed by data breaches. Passwordless authentication is necessary to keep criminals from taking over accounts using stolen username and password combinations.
How does Zero Sign-On Authentication actually work?
When you connect to a secure website, your browser and the server exchange encrypted messages to keep your communication private. This encryption is made possible through the use of cryptographic keys. Think of cryptographic keys as pairs of locks and keys. Just as you can open a lock only with its corresponding key, encrypted data can only be decrypted with the corresponding cryptographic key. When you establish a secure connection, your browser and the server generate unique keys. These keys are then used to encrypt and decrypt the messages that are sent between them.
The keys are also securely shared between your browser and the server using public-key cryptography. This ensures that only your browser and the server have access to the keys, making it extremely difficult for anyone else to intercept or read the messages being exchanged.
A passkey is a passwordless way to log in to apps and websites. A passkey is another name for a pair of cryptographic keys generated by your authenticated device. A public key and a private key combine to create a passkey.
The website or web server stores your public key when you log in. The private key is only stored on your device. After your device authenticates your identity, the combination of the two keys grants you access to your account on the website. Passkeys are unique to each web server or website. The PC or mobile device that generates the passkey uses a biometric authentication tool, such as TouchID, to authenticate your identity. Windows Hello is a biometric authentication service offered by Microsoft that allows users to securely log in using facial recognition or fingerprint scanning. The result is that a secure login becomes as easy as scanning your fingerprint on a PC or mobile device.
Apart from biometric data authentication, an extra layer of protection can be added with hardware security keys. These dongles can be USB keys, NFC keys, and Bluetooth keys.
MachCloud takes Zero Sign-On Authentication security to the next level
Using passkeys, you can log into MachCloud’s Control Panel securely using a biometric authentication tool, such as TouchID (fingerprint reader). Activation is a simple 3-click action in account settings. One-time activation of Passwordless Authentication opens a security dialogue that asks permission to register the computer or mobile device. Each user adds their device using the fingerprint reader and passkey system in the PC, such as Windows Hello. After device registration, subsequent logins to MachCloud’s Control Panel are as simple as scanning a fingerprint.
There is no need for the user to juggle multiple passwords and authenticators. This much simpler authentication process takes away the need to manage passwords among employees.