Towards a culture of prevention

Cybersecurity is the practice of protecting computer systems and sensitive information from digital attacks. According to IBM, cybercriminals seek to collect personally identifiable information and other data such as credit card details to sell this information on underground markets.

Some of the threats we most frequently face are detailed in the following infographic.

As shown in the infographic, the six most common types of cyberattacks are:

• Malware. Malicious software such as worms, viruses, trojans, and spyware, which provide unauthorized access to a computer system or cause damage to a computer.

• Phishing. A form of social engineering that involves identity theft. The cybercriminal impersonates a company or institution to obtain sensitive data from the victim.

• Insider threats. Angry employees or those working for their own benefit can represent a threat if they have access to company systems. These threats are invisible to traditional security solutions such as firewalls.

• Ransomware. A type of malware that locks files or systems and threatens to delete all data unless a ransom is paid to cybercriminals.

• Distributed Denial-of-Service (DDoS) attacks. This attack blocks a server, website, or network by overloading it with traffic, usually from multiple coordinated systems.

• Man-in-the-middle attacks. A spying attack in which the cybercriminal intercepts communications between two parties to steal data.

Authentication methods and password security

One of the main recommendations for protecting our information is to use secure authentication methods; in other words, systems that can recognize us and protect against guessing or brute-force attacks.

Traditionally, the authentication method has been based on passwords, but in order to achieve a secure password, certain protocols must be followed that often make the process a terrible experience:

• It should be easy for you to remember, but difficult for others to guess.

• It should not contain common words or personal information.

• It should have 12 characters or more, with combinations of letters, numbers, and ASCII symbols.

• It should not be repeated across any other system, network, or website.

The password-only scheme is becoming an increasingly outdated authentication measure, since passwords are easily guessed or obtained through different types of cyberattacks, many of which we saw in the previous section. For this reason, to authenticate securely, a user normally provides, in addition to their username, some combination of the following complementary elements:

• Alphanumeric password

• OTP or One-Time Password

• PKI certificates on a smart card or USB

• Smart cards

• Biometric factors, such as fingerprint or iris

All these factors combined strengthen security; however, managing them can pose a problem, since the life cycle of each authentication factor must be handled with passwords, PIN codes, and often physical objects such as USB drives, cards, or a specific cell phone that serves as a key, among others.

In addition, there are peripheral costs such as biometric readers and sensors—not to mention, who can really remember the password for each of the accounts they manage at work (in addition to their personal accounts), especially if they have the required complexity to be considered secure passwords?

Mints.Cloud’s Magic Link: Revolutionizing Password CX

In light of this situation, at Mints.Cloud we have devised a solution. We firmly believe that security can and should go hand in hand with a good user experience, which is why we want to migrate to a passwordless system.

In the 1960s, when computers began to gain popularity, the only authentication method was passwords. But at the beginning of the 21st century, these methods are falling into disuse, as they are easily stolen or guessed. And if they are the most insecure factor for authentication, why keep using them?

We also don’t need you to create a unique username—we know that your email address or your cell phone number is already unique, and that only you have access to it. From there, we believe that the safest place to receive an access link to any other platform or system is right there, in your email inbox or on your cell phone.

By sending a Magic Link through these contact methods, only you can access—just click, and our users can enter virtual events, promotions, websites, or web applications, among other platforms. Once authenticated, they can be redirected to all kinds of content, whether it’s an article, a video conference, etc. But what ensures the security and benefits of this system?

Magic Link Benefits

1. Users don’t need to create, remember, or recover passwords, which means they enjoy a better user experience, accessing platforms with ease.
2. Applications that implement Magic Links can choose whether the authentication link is delivered to end users via email, an SMS message, or WhatsApp.
3. Distributing access to multiple users is as simple as sending them an email, and just as easy for the recipient as clicking once.
4. Businesses optimize technical support by eliminating queries related to password resets and login issues.
5. The Magic Link can be limited to a specific number of simultaneous sessions. In other words, businesses can decide how many devices users can be logged into at the same time.
6. Magic links can also be set to expire after a period of time, increasing security and allowing access to be restricted for those who should no longer have it.
7. Phishing or identity theft, as well as possible ransomware attacks (data hijacking of organizations), are reduced. In the case of phishing, it is very unlikely that a user’s email account will be hacked or that their telephone communications via SMS or WhatsApp will be intercepted. In the case of ransomware, this is because the company does not store sensitive personal data that cybercriminals might be interested in.
8. It also enables working under a Zero Trust framework. As we saw earlier, many cyberattacks in organizations occur due to insider threats. Zero Trust security strategies are based on validating every user, device, and connection within the business, and on creating a single strong user identity through an ID—in this case, the email address or cell phone number.

In conclusion…

Passwords had their time and purpose, but they are now a thing of the past… today’s standard is user-friendly authentication methods, such as magic links.

In addition to ensuring that users feel comfortable and satisfied when accessing applications, Magic Link benefits companies by eliminating password creation and recovery processes, as well as all the related support issues.

The future of marketing is personalization, and it is increasingly clear that cell phones and mobile devices in general—which detect our fingerprints or grant us access by recognizing our face—are part of our identity and provide a much safer key than the outdated alphanumeric password system.