Summer 19 Release: Balancing Security and Usability

Headlines this year have been riddled with stories of data breaches and password attacks. From Capital One to LinkedIn and Equifax, data breaches are becoming the norm. And, just as breaches occur with greater frequency, the cost of a data breach is also on the rise. Although, data breaches seem inevitable, most are preventable with simple security measures.

Addressing the challenges in today’s cybersecurity landscape begin with balancing security and usability. Multi-factor authentication (MFA) can reduce the risk of password attacks by 99.9%. The issue with MFA, however, is usability. MFA often combines something a user knows (a password) with something a user has (a smartphone), or something the user is (biometric). Because it often requires the use of a secondary device, many users find MFA to be cumbersome and inconvenient. That doesn’t have to be the case!

We address this and more in our Summer ‘19 quarterly release. Our latest release adds several new features that balance security and simplicity. Some of these features fall under our Adaptive Authentication offering that leverages the OneLogin Risk Engine to go beyond MFA and leverage a variety of factors including network, device, and time of day to score the risk associated with login attempts to a company’s most sensitive applications. If a login attempt is given an elevated risk score, access is denied to limit risk.

What are we announcing?

To limit the risk of data breaches, OneLogin will make available several new features to ensure strong password security. These new features ensure that end-users meet strong criteria at the password level, as well as, provide secondary authentication capabilities, and device security for laptops within the corporate network.

  1. Vigilance AI
    Powered by artificial intelligence and machine learning, Vigilance AI ingests and analyzes large volumes of data from an array of sources to identify anomalies and communicate risk across OneLogin services for threat prevention. In addition to ingesting third-party threat intelligence feeds, Vigilance AI leverages User and Entity Behavior Analytics (UEBA) capabilities to build a profile of typical user behavior and subsequently identify and communicate anomalies in real-time for advanced threat defense.
  2. SmartFactor Authentication: Beyond Passwords
    Passwords remain the top risk for enterprises, as 80% of data breaches are caused by compromised, weak, and reused passwords, leading to a growing interest in authentication methodologies that do not depend on text-based passwords. SmartFactor Authentication delivers a context-aware authentication methodology based on AI/ML insights into user behavior to move beyond text-based passwords.
  3. Adaptive Login Flows
    The new OneLogin adaptive login flows functionality uses Vigilance AI to automatically restructure authentication flow based on risk. When anomalous or risky activity is detected, a user may be required to authenticate using factors other than text-based passwords, including MFA, certificates, and biometric data. This prevents cybercriminals from using brute spray or password replay tactics. OneLogin also empowers users to configure custom authentication flows and embrace the next-generation of authentication technology.
  4. Compromised Credential Check and Password Blacklist
    OneLogin compromised credential check functionality prevents users from using credentials that have been breached and posted on the dark web. OneLogin password blacklist prevents employees or customers from using common or insecure passwords schemes that are easily compromised.
  5. Risk-Aware Access Powered by Vigilance AI
    With risk-aware access and adaptive deny, OneLogin combats malicious activity by blocking any access to systems and applications when extreme risk is detected.

Early Preview Programs

In addition to newly announced features, we will also preview an additional program to help secure your most sensitive applications. Risk-Aware Access Powered by Vigilance AI allows organizations to deny access to users under questionable or risky logins. For example, a company might want to deny access to sensitive financial applications as a best practice.

Customers can also participate in an early preview of Adaptive Login Flows which enables user policy flow selection. Participating customers can select their desired login flow protection against brute force attacks and even enable a passwordless login.

OneLogin Protect has traditionally enabled users to provide a one-time password (OTP) as a second authentication factor. In the Summer ‘19 release, we will make available biometric support to provide customers greater flexibility when selecting a second authentication factor.

Want to learn more about the new features included in our Summer ‘19 Release? Join us at Connect 2019, September 25 at the InterContinental Hotel in San Francisco for a day of in-person meetings, product demos, and more!

Can’t make it to Connect SF? You can also join us October 15 a the ME London for Connect London 2019. Or, register for our upcoming product webinar on October 8!

About the Author

Joranna Ng

Joranna Ng is a Senior Product Marketing Manager at OneLogin. She is passionate about technology and loves the enterprise mobility, Identity, and security space. Prior to OneLogin, Joranna held strategic product marketing positions with Appdome, Totango, Apttus, and Good Technology (acquired by BlackBerry).

Related Articles