
Consider adopting evolving biometric authentication

Password-only Authentication is Dangerous for Cloud-based Groupware


International System Research Co., Ltd.

November 2, 2022


As part of work-style reform, the adoption of cloud-based groupware accelerated even before the widespread use of remote work. For companies that had already implemented it, transitioning to sudden work-from-home due to COVID-19 was likely smooth. And employees could probably continue their work "as usual" without struggling with unfamiliar IT tools.

However, the surrounding environment has certainly "changed."
Attacks exploiting the COVID-19 pandemic, targeting major cloud services, are on the rise.

If, in this era, your company is still relying on "password-only" authentication, it may already be at risk.

This article will explain the necessity of cloud-based groupware, the problems with passwords, and authentication methods to move beyond them.

Why is Cloud-Based Groupware Necessary for Remote Work?

Cloud-based groupware, which enables collaboration among employees, is an essential tool for remote work.

"It's hard to understand what others are thinking."
This was reportedly the biggest concern for many during the remote work shift caused by COVID-19.
Precisely because you are not in an environment where you can quickly meet and confirm things, human connection becomes a very important factor in advancing work.

Cloud-based groupware includes features like "file sharing," "bulletin boards and chat for team information sharing," and "email functions." By utilizing an internet environment, it not only allows most operations to be conducted remotely but also serves as a unique tool for real-time, close communication.

We at ISR have also been using cloud-based groupware for a long time, and this tool helped us overcome communication anxieties during the recent work-from-home period.
Meetings are held using web conferencing systems, allowing participants to see each other's faces. Employees prioritize real-time communication through chat tools, and departments set aside time for informal online lunch gatherings to address nuances not conveyed through text and alleviate feelings of loneliness due to lack of communication.

Even after the COVID-19 pandemic subsides, with approximately 74% of people believing that working from home "should continue" or "should partially continue," remote work will undoubtedly become a standard and indispensable part of diverse work styles, and cloud-based groupware will be an essential tool.

Is Password-Only Authentication Dangerous for Cloud-Based Groupware?

First, remember that attacks exploiting the weak security of "passwords" are diversifying and constantly pose a threat.

Also, services essential for remote work and used by many users are particularly vulnerable.

Major cloud-based groupware like Microsoft 365 (formerly Office 365) and G Suite have been used by many companies even before the expansion of COVID-19. A 2019 survey, for example, showed that Office 365 was used by over 40% of companies with more than 1001 employees, indicating its widespread adoption.

Now, with the prevalence of remote work, these services are highlighted on many websites as essential tools for remote work.

However, even popular services like Microsoft 365 and Gmail have been targeted by phishing scams, with attacks exploiting the weak security of passwords being confirmed.

In a lateral phishing scam targeting Microsoft 365, malicious emails were sent from compromised corporate email accounts. Clicking the attached URL appeared to download a PDF shared on OneNote via SharePoint. If users entered their ID and password on that phishing page, the credentials were sent to a suspicious domain believed to be set up by the attackers. The apparent objective was to steal Microsoft 365 accounts.
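A mail-side check for the lateral phishing pattern described above, as an added example that is not part of the original article. The organisation domain, the allowlist of Microsoft 365 hosts and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions, not from the article: the organisation's mail domain and the
# hosts it accepts as real Microsoft 365 destinations.
ORG_DOMAIN = "corp.example"
TRUSTED_SUFFIXES = (ORG_DOMAIN, "sharepoint.com", "office.com", "onenote.com")
LURE = re.compile(r"\b(sharepoint|onenote|onedrive)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def host_is_trusted(host):
    """Exact or dot-boundary suffix match; a substring test would be fooled."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def untrusted_hosts(body):
    """Hosts of links in the body that fall outside the allowlist."""
    hosts = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""   # ignores any user@ prefix
        if host and not host_is_trusted(host):
            hosts.append(host)
    return hosts


def flag_lateral_phish(msg):
    """Flag mail from an internal account that uses a Microsoft 365 lure
    but links somewhere outside the allowlist."""
    if msg["from"].rsplit("@", 1)[-1].lower() != ORG_DOMAIN:
        return None                           # external mail: other controls
    hosts = untrusted_hosts(msg["body"])
    if hosts and LURE.search(msg["subject"] + "\n" + msg["body"]):
        return {"sender": msg["from"], "hosts": hosts}
    return None


# Constructed sample messages (placeholder domains).
SAMPLES = [
    {"from": "a.tanaka@corp.example", "subject": "Q3 plan",
     "body": "Notes are at https://corp.sharepoint.com/sites/plan/q3.pdf"},
    {"from": "k.sato@corp.example", "subject": "Shared PDF on OneNote",
     "body": "Open https://corp.sharepoint.com.files-view.example/doc.pdf"},
    {"from": "m.ito@corp.example", "subject": "OneDrive file",
     "body": "See https://sharepoint.com@login-portal.example/signin"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], "->", flag_lateral_phish(m))
```

Because the sender is a genuine internal account, sender reputation alone does not catch these messages; the check relies on the mismatch between the lure and the link's real host.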

As for Gmail, it was reported that emails sent to the private accounts of US government employees encouraged them to click links offering free coupons or online orders, which redirected them to fraudulent websites designed to steal Google account credentials.

While specific damage figures aren't always clear in either case, it's evident that attackers are employing every tactic to target weak passwords.

It's difficult to predict when and how your password might be stolen. That's why the first step is to move away from "password-only authentication," which carries high risks.

How to Break Free from Password-Only Authentication?

Why not try using biometric authentication?

There are many methods, such as 2-step verification using authentication apps or FIDO2-based passwordless authentication. Among these, biometric authentication has seen increasing adoption in recent years, and with major manufacturers continuously releasing compatible PCs, it has become the most widely adopted authentication method. For companies already using it or planning to replace PCs, there's no need to procure separate tokens or devices solely for authentication.

Furthermore, common methods like "facial recognition" and "fingerprint authentication" are difficult to spoof or replicate, leading to a higher level of security. Additionally, users avoid the inconvenience of carrying tokens, and authentication is easy and fast, offering high convenience.

The widespread adoption of biometric authentication was propelled by Touch ID and Windows 10. Currently, fingerprint authentication can be used for Apple ID and Apple Pay purchases on MacBook Pro and MacBook Air models with Touch ID, and Windows Hello can be used on Windows 10 devices for services like OneDrive.

So, can it be used with cloud-based groupware utilized by businesses?

The answer is: "YES"

By using CloudGate UNO, you can use Touch ID and Windows Hello for accessing cloud-based groupware, enabling passwordless biometric authentication. Moreover, you can seamlessly access various cloud services you use, such as those listed here.


Conclusion

This article discussed the problems with password-only authentication in cloud-based groupware and presented solutions.

To implement the authentication solutions discussed, you first need to audit and organize your company's environment. You can choose one authentication method that suits your company's device environment and employees, or you can combine and customize various authentication methods. There are many ways to break free from password-only authentication.

The most important thing is to protect your company's valuable assets from being exposed to danger.

And we at ISR will help accelerate your business through our services, which enable you to use not only your company's cloud-based groupware but also various other cloud services securely and conveniently.

Ensure secure access to the cloud with CloudGate UNO.