Cyber Security
How to Decrease the Burden of Authentication Requirements

Written by Roman Cuprik, Content Writer at ESET
Authentication mechanisms are a vital aspect of cybersecurity deserving adequate protection, but increasing complexity makes them an easier target. Since American computer scientist Fernando José Corbató created the first password-based authentication in the 1960s, passwords have been an integral part of IT security all over the world.
But while the principle of using a string of characters unknown to others remains the same, the world of computing has become exponentially more complex, where an average person now has 168 passwords out of which 87 are business-related. This causes headaches not only for average users but also for IT admins who handle the secure authentication needs of hundreds if not thousands of employees within their companies who work with a number of applications and devices.
Beloved targets
Credentials are among cybercriminals’ most beloved attack vectors. According to the Verizon 2024 Data Breach Investigations Report, 77% of basic web Application Attacks involved stolen credentials, 21% of them were the result of brute force (usually easily guessable passwords), and 13% of those attacks exploited vulnerabilities.
The authors of this report also highlighted the fact that over the past 10 years, stolen credentials have appeared in almost one-third (31%) of all analyzed breaches, making credentials a core component of compromising organizations.
Globally, over 80% of respondents experienced a cyber breach due to authentication vulnerabilities in 2023, and the consequences could be detrimental. In 2023, the FBI received 7,333 complaints about personal data breaches involving a leak or the abuse of personal data. The cumulative loss of these breaches reached over $109,000,000.
There is no surprise that the importance of password security is widely recognized and can be seen, for example, among polled small and medium-sized businesses (SMEs) in the U.S., U.K., and France in JumpCloud’s 2023 Flexibility and Ingenuity Survey. The survey shows that 64% of SMEs use an organization-wide password management tool or software, and 10% plan to implement one this year. For those who don’t use password management, cost is the biggest factor.
When a security practice becomes an attack vector
But there’s also another aspect to password security. Having a robust cybersecurity solution including multi-factor authentication (MFA) is great, but at the same time, it creates new challenges for both users and IT admins. The problem among users is that they can become so irritated by repeating MFA authentication requests that they lose their vigilance. And there are already cases of MFA fatigue attacks proving that.
At the beginning of an MFA fatigue attack or an MFA bombing, attackers need to obtain targets’ credentials via phishing, brute force, password spraying, etc. Once the targets’ credentials are stolen, attackers start to bombard them with 2FA push notifications in the hope that they will click on “accept,” and thus authorize the attackers’ login attempts, at least once.
On the other hand, IT admins, already struggling with portal and alert fatigue, have gained new responsibilities related to MFA system administration, such as update or alert management. That is why, for example, the Canadian Centre for Cyber Security advises balancing overall user experience and security protection to maximise security and minimise disruptions.
Here are some other pieces of advice on improving user experience and reducing the burden on IT resources:
- Run both an awareness campaign and training to educate users.
- Allow users the flexibility to use different types of factors, where possible, such as security keys, biometrics, or PIN.
- Give users the possibility to provide feedback on their MFA experience.
- Implement MFA with a single sign-on (SSO) application to automatically log authorised users into their connected accounts.
- Provide users with a backup MFA factor and set up an easy way to reset them on their own in case their primary factor is lost, unavailable, or compromised.
- Monitor MFA events and check authentication reports to detect anomalous login activities.
- Allow users the ability to disassociate a lost or stolen device/security key from their account.
Less maintenance, more protection
Secure authentication is a vital aspect of cybersecurity but can also easily get on one’s nerves. Repeated authentication, changing passwords, and doing it on several applications can lead to users’ MFA fatigue and simultaneously drain the IT staff administrating it. And it’s not only about keeping users and IT admins happy but also securing businesses that can be endangered by MFA fatigue. With the right authentication service, businesses can increase automation and reduce maintenance duties for IT admins, thus increasing their resilience against credential-based attacks.
Cyber Security
A Reliable Data Backup Strategy is Very Important

Sertan Selcuk, the Vice President of METAP and CIS Regions at OPSWAT says hackers are now targeting third-party vendors—companies that have access to critical infrastructure but often have less robust security measures (more…)
Cyber Security
Cloud and IoT Vulnerabilities Expose Smart Cities and Industrial Systems to Cyber Risks

Ezzeldin Husein, the Regional Senior Director for Solution Engineering – META at SentinelOne says cyberattacks on MEA’s critical infrastructure are becoming more sophisticated, with nation-state actors, ransomware gangs, and hacktivists targeting energy, finance, and transportation sectors (more…)
Cyber Security
Cyberattacks on Critical Infrastructure Originate from Nation-State Actors or Sophisticated APT Groups

Saran B. Paramasivam, the Regional Director for Middle East and Africa (MEA) at Zoho says the most notable trends in cyber attacks targeting critical infrastructure systems are the rise of ransomware and social engineering attacks (more…)
-
Artificial Intelligence1 week ago
DeepSeek-R1 AI Poses 11x Higher Harmful Content Risk
-
Artificial Intelligence6 days ago
DeepSeek Popularity Exploited in Latest PyPI Attack
-
Artificial Intelligence6 days ago
SentinelOne to Spotlight AI-Driven Cybersecurity at LEAP 2025
-
Cyber Security3 days ago
Employees Are the First Line of Defense
-
News5 days ago
Sophos Completes Secureworks Acquisition
-
Homeland Security1 week ago
Daimler Truck Focuses on Growth in the Defence Sector
-
Cyber Security3 days ago
Proactive Threat Intelligence Can Keep Threats at Bay
-
Cyber Security1 week ago
Tenable Plans to Acquire Vulcan Cyber