IT Alert: Microsoft Permanently Disabling Basic Authentication

Aug 08, 2022

What Does This Mean?

Effective October 1, 2022, Microsoft will permanently disable Basic Authentication (Basic Auth) due to security concerns and outdated technology. The planned replacement is called, fittingly, Modern Authentication (Modern Auth). So, what does this mean for your organization?

Basic Authentication & Security Issues

Basic Auth simply means an application sends usernames and passwords over the Internet as encoded text. These credentials are also often stored or saved on the device.

While the credentials are encoded, meaning converted to characters or symbols, this form of authentication can expose usernames and passwords. Hackers may intercept the transmission, then decode and steal the information. Since Microsoft announced its disablement of Basic Auth in September of last year, there has been a notable spike in high-level attacks by cybercriminals. According to Microsoft, “As a reminder, Basic Auth is still one of, if not the most common ways our customers get compromised, and these types of attacks are increasing. Every day [you have] Basic Auth enabled; you are at risk from attack.”
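To make "encoded" concrete: HTTP Basic Auth carries `username:password` as Base64 in the `Authorization` header, and Base64 can be reversed without any key. The sketch below is an added example, not Microsoft's or the author's code; it audits constructed request records (client names, accounts and passwords are all made up) and reports which clients still send Basic credentials, without retaining the passwords.

```python
import base64
import binascii

# Constructed sample: (client, URL scheme, Authorization header value).
# Accounts and passwords below are made up for illustration.
SAMPLE_REQUESTS = [
    ("legacy-imap-sync", "https",
     "Basic " + base64.b64encode(b"alice@example.com:Winter2022!").decode()),
    ("mobile-mail", "https", "Bearer eyJhbGciOi.constructed.token"),
    ("old-scanner", "http",
     "Basic " + base64.b64encode(b"scanner@example.com:scan123").decode()),
    ("broken-client", "https", "Basic not*base64"),
]


def classify_authorization(header):
    """Return (scheme, username, password_recoverable) for one header value."""
    scheme, _, value = header.strip().partition(" ")
    scheme = scheme.lower()
    if scheme != "basic":
        # Bearer and other token schemes carry no reusable password.
        return scheme, None, False
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return scheme, None, False  # malformed header, nothing to recover
    username, sep, _password = decoded.partition(":")
    # No key was needed: Base64 is an encoding, not encryption.
    return scheme, username, bool(sep)


def audit_requests(requests):
    """List clients still sending Basic credentials; passwords are never kept."""
    findings = []
    for client, url_scheme, header in requests:
        scheme, username, recoverable = classify_authorization(header)
        if scheme == "basic":
            findings.append({
                "client": client,
                "username": username,
                "password_recoverable": recoverable,
                "cleartext_transport": url_scheme == "http",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_requests(SAMPLE_REQUESTS):
        print(finding)
```

Every client the audit lists is one that will stop working once Basic Auth is disabled and should be moved to Modern Auth first.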

Furthermore, Basic Auth does not support multi-factor authentication (MFA), which is the best protection against cyber-attack and is now required under Presidential order 14028. To learn more about MFA, check out our previous blog here.

Modern Authentication

Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server. With Modern Auth comes additional security features like MFA, smart cards, etc. Modern authentication doesn’t let apps save account credentials and is better designed for Internet-scale and management.

Next Steps

If your organization has not begun the transition to Modern Authentication, it is mission-critical that you begin doing so now.

The US Cybersecurity and Infrastructure Security Agency (CISA) is strongly encouraging organizations to make the move immediately and to enable multifactor authentication.

WVC Technologies can assist you in this transition. Our partner, DMC Technology group, and their certified team of technicians can walk you and your team through the process.

Connect With Us.

Greg Gomach
Senior Client Executive
Greg.Gomach@dmctechgroup.com



New Mandatory Requirement For Cyber Insurance

Oct 19, 2021

During the past year, ransomware attacks and other cyber breaches have skyrocketed, leading to significant changes in the cyber insurance marketplace. Historically, obtaining cyber insurance was simple and renewals were a matter of updates based on major changes within an organization. Fast forward to now, and notable shifts in insurance policies and regulations are taking shape. Underwriters are now asking for more information related to cyber controls and IT risk management.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is now a minimum requirement for cyber insurance through most carriers. The message: if you have not incorporated MFA into your current IT environment, your organization may be considered a high risk, which would disqualify you from coverage.

MFA provides an additional layer of security above and beyond your traditional password protection. It requires users to validate their identity with additional credentials. These credentials could be the answer to a security question, the click of a button in an app for approvals, or even a biometric identifier such as a fingerprint. This extra layer of protection stops attackers as they won’t be able to access an account without all required credentials, even if they have stolen a password. The additional proof points confirm the person attempting to enter the system is truly who they say they are.

According to Microsoft, ‘up to 99% of cyber identity attacks can be prevented with MFA’. Google has also supported this with their research ‘which shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.’

If you already have cyber insurance, you more than likely will find stricter requirements during your renewal. If you are in the market for cyber insurance, you will need to incorporate MFA before you seek coverage. Carrier data proves those without MFA are at a much higher risk for extortion, and therefore coverage is not obtainable.

Our WVC Technologies team can assist with your MFA initiatives to help you: one, qualify for cyber insurance quotes from multiple carriers, and two, help reduce your claims activity which can improve your insurance pricing.

Connect With Us.

Greg Gomach, WVC Technologies Senior Client Rep.

greg.gomach@dmctechgroup.com
