Passwords are traditional. As long as only you and the people you trust know them then, you can operate anonymously and with security on the Internet and various applications. Passwords are safe. Well not really. Not anymore.
Passwords are reused. They are successful for months, years even. Yet, the reliance on a singular method of authentication is foolhardy. If something can go wrong, it will. Eventually, a data breach reveals a password and it opens the door for a range of potential attack vectors. A compromised password is the most likely way that someone will get hacked. 2021 saw nearly 2 billion passwords leaked by hackers.
People may decide that they won’t reuse them, they’ll just keep a list of all their different passwords. A list which grows and grows and grows. As this long list of long passwords grows it drains productivity. More people forget, misplace, or simply never bother to remember their password to that one site. One of the most common help-tickets for IT is for password replacement. Furthermore, contrary to popular belief, long passwords don’t guarantee safety. Over 90% of passwords used in brute force attacks are 8 characters or longer.
Increasingly, companies are recognizing how prevalent password-related issues are and looking for a solution. The most frequent solution is multi-factor authentication- a type of authentication which requires multiple types of verification in order to access websites and applications. Yet, MFA’s face an uphill battle against passwords due to issues of cost, speed, and usability.
MIRACL, based in London, is the MFA company to watch in 2022. They are taking a big leap forward in 2022 to provide an easily integratable and secure authentication platform for every type of end-user and offer the fastest MFA platform on the market.
Rob Griffin, the CEO of MIRACL, talked with IT Security Guru about the company, its products, and the future of authentication security.
Can you tell me a bit about your background?
“Previously I worked as an investor in emerging US high growth technology stocks, both private and public. I founded up a US-based fund management company with 3 other partners back in 2004 and it is still going strong today. Why the change? Well, I wanted to actually grow a business, not just invest in growing businesses and while I admit I really don’t quite know what I was letting myself in for, I relish the amount I have learned and am continuing to learn.”
What drives you to pursue Cybersecurity?
“For me, that’s a pretty easy one! Cybercrime is just such a big problem – I recall when I was hacked a long time ago what a burning sense of injustice I felt. We really have to do more to prevent that from happening to people and crucially, I think we are still at a fairly early stage of understanding how to solve the problem so there is a lot to think about.”
What is unique about working with MIRACL?
“In cybersecurity you have to be very careful about making claims that something is unique. We do by the way but it is not something we take lightly. I suppose the single element that we believe separates us from others is that as a team of which I am very proud – some brilliant brains and the very best scientists and engineers in the field – we really do all obsess over one thing; and that is the end-user.
“I believe that most cybersecurity companies forget that a product must bring an improvement in user experience as well as an improvement in security. Otherwise, users, particularly if they’re your customers, won’t adopt it or if they do, they will eventually stop using it or somehow try to develop workarounds. A rock solid cybersecurity product that users hate will cause resentment and over-time, will result in a security failure.”
What can you tell me about MIRACL’s origins? What motivated its launch and its current trajectory?
“The origins of MIRACL are that some areas of cybersecurity such as authentication, which for the last 60 years has been based on passwords, have not evolved at the same pace as cryptography. MIRACL passionately believes that these innovations in cryptography hold the answer to fundamental flaws in our existing security architecture that have led to passwords and their mis-use still being at the root of 70% of all breaches occurring today. Advanced cryptography and the distributed trust architecture that it enables then need to be wrapped in the best user experience. Our mission is to make all of that accessible to pretty much anyone so that any company can safeguard its staff and customers. For us, the breakthrough in trajectory has been that we now have hard data showing the system achieving world-beating results in many different large companies so things are accelerating fast.”
Can you give me a synopsis of the issues MFA solves which passwords do not?
“Not all MFAs are the same. Indeed, 90% of MFA solutions do not protect from phishing, which is currently the fastest growing cause of breach. Essentially, passwords as a single factor are susceptible to a whole range of remote attacks (credential stuffing, password spraying, phishing etc) that have become so common because hackers can and do earn vast amounts from hacking them. A prerequisite for MIRACL was to prevent all of these attacks.”
How do you stand out from what is currently on the market?
“Well having said that we don’t make claims of uniqueness lightly, here are three:
“1. MIRACL provides the world’s fastest authentication system. An MFA login with MIRACL takes just 2.5 seconds, which is why we call it the login you’ll love! We think journey time is really important to users because whether they are staff or customers, they just want to get to their destination as fast as possible.
“2. MIRACL’s authentication offers the world’s highest login success ratio. This is the proportion of users that successfully authenticate rather than having to ultimately reset their account. For B2B customers this is 99.9% For B2C customers this is 99.6%. Frankly, it annoys us that competitors aren’t transparent about these numbers and publish them for users’ benefit but we know no other system comes close.
“3. MIRACL’s authentication works on 100% of devices for 100% of users. Digital exclusion whether due to out of date devices or a lack of IT literacy is a big problem and so it is vital that every user on every device is equally able to log in successfully. Many of our competitors rely on the latest hardware or don’t work on a Smart TV or Virtual Reality headset. Not so MIRACL.”
How big of a factor is time and effort when it comes to implementing MFA? Are companies simply unwilling to switch onto a safer method of authentication because they believe there is too much time involved?
“Yes – implementing MFA really can be laborious, particularly when it comes to optimising the user experience. My personal opinion is that 99% of the MFA implementations out there are somewhere between a bad user experience and a terrible one so it is clear that making this a simple task is important for customers and that is what we have done. I sympathise with web and app operators. They have had to cope with some big structural changes as a result of the pandemic, new regulatory changes and constant security vulnerabilities. It is hardly surprising that they feel very short of IT resources and developers. We have therefore worked tirelessly to make integration as easy as possible and I am glad to say that we recently had a large banking platform integrate a fully operable proof of concept of all of our products in 3 days (two of which were a weekend).”
Where do you see MIRACL in the next 5 years?
“Well firstly, MIRACL is going to bring a lasting solution to the problem of authentication, not just in terms of getting rid of passwords, which are a nightmare for users and operators alike, but also the centralised and archaic architecture that results in so many large-scale breaches.
“Secondly, I think we can make the biggest difference to users’ experience. Currently 10-15% of MFA login attempts end in failure. The pain is so great that just 2.4% of Twitter users and 4% of Facebook users log in via MFA despite all of the hacks that have occurred on those networks. Hardly surprising when you consider that a web page that uploads in more than 0.7 second is considered too slow to feature highly in Google’s search results yet MFA logins frequently take 40 seconds!
“Finally, the advances in cryptography that I mentioned earlier really are substantial and we have really only scratched the surface of how data is secured and privacy is assured.”
