What this book covers
Chapter 1, On the Internet, Nobody Knows You’re a Dog
This inaugural chapter provides the fundamental groundwork for understanding the dynamic realm of digital identities and MFA. We begin with an overview of the concept of identity, both in its traditional and digital manifestations, and then delve into the nuances of two fundamental types of digital identity – workforce and customer identity. Critical in today’s digitized world, these forms of identity offer unique challenges and opportunities that businesses must navigate effectively.
Next, we focus on the foundational pillar of digital security – authentication factors. These factors, which include something you know (such as a password), something you have (such as a token or a card), and something you are (such as a biometric characteristic that you have), make up the core of MFA.
The chapter continues with an introduction to the basic concepts and terminology related to digital identity and MFA. This vocabulary is relevant for the remaining chapters and for anyone aiming to understand and work in cybersecurity.
Finally, we delve into the concept of MFA in more detail, explaining its importance in contemporary cybersecurity strategies, how it operates, and why it has become the go-to solution for businesses and individuals seeking to enhance their digital security.
Chapter 2, When to Use Different Types of MFA
In Chapter 2, we dive deeper into the multifaceted nature of MFA. Recognizing that not all MFA solutions are created equal is critical, and we explore the contexts in which different types of MFA are most effectively utilized.
Given the rapidly evolving landscape of cybersecurity, the chapter also emphasizes the importance of staying up to date. We acknowledge that cyber criminals, or bad actors, always look for vulnerabilities and continually update their strategies. Thus, we present reliable sources of information for keeping pace with these changes.
Chapter 3, Preventing 99.9% of Attacks – MFA with Azure AD and Duo
Chapter 3 comprehensively explores Azure Active Directory (Azure AD) and how Acme Software can leverage it to improve its workforce’s user management and security practices. As the cornerstone of Microsoft 365, Azure AD provides a robust, cloud-based IAM solution that caters to the company’s needs, from centralizing user and group management to enforcing advanced security measures.
We commence by establishing the foundations of Azure AD, showcasing its essential benefits such as secure authentication, SSO capabilities, conditional access (CA), and MFA. The focus then shifts to the challenges associated with traditional password-based authentication. Drawing upon Microsoft’s research, we delve into why passwords alone aren’t sufficient for securing accounts and data, underscoring the necessity of MFA in the security equation.
From there, we guide readers through configuring Azure AD, presenting diverse authentication workflows tailored to different organizational roles’ risk levels. Given the sophistication of attacks on passwords and MFA, we also demonstrate how to configure different authenticators, thereby enabling authorized individuals’ access to sensitive company resources.
In recognition of the modern work-from-anywhere culture and the increasing prevalence of BYOD policies, we describe how Acme Software can employ Azure AD to ensure consistent security across applications accessed both internally and on public networks. We also introduce Duo, a Two-Factor Authentication (2FA) product from Duo Security.
Chapter 4, Implementing Workforce and Customer Authentication Using Okta
Chapter 4 takes a deep dive into Okta, a leading cloud-based identity management system offering two distinguished IAM products: Okta Workforce Identity and Okta Customer Identity. These products bring unique benefits to businesses, from comprehensive workforce management to secure customer interactions.
The first part of the chapter focuses on Okta Workforce Identity. This solution offers businesses an efficient way to manage and protect their workforce users, such as employees, contractors, and partners, from a single platform. First, we delve into its capabilities and discuss how its use allows businesses to maintain regulatory compliance while achieving their objectives. Next, we illustrate its implementation using a case study involving Acme’s workforce applications, exploring the configuration and use of additional authenticators, with Duo as the authenticator of choice.
In the second part of the chapter, we switch focus to Okta Customer Identity. This tool enables businesses to securely manage end user identities and create frictionless application registration and login experiences. In addition, this solution provides businesses with the capacity to integrate authentication seamlessly into any cloud-based application. We delve into its features and demonstrate its use by exploring the development of MFA for customer-facing applications.
Chapter 5, Access Management with ForgeRock and Behavioral Biometrics
Chapter 5 takes us on a journey through the offerings of ForgeRock, another leading IAM solutions provider. In this chapter, we focus on how businesses such as Acme can effectively leverage ForgeRock’s solutions to enhance the customer experience for external users while securing and enabling an agile workforce.
We start the chapter by taking readers through the experience of using ForgeRock.
Our next stop is the exploration of authentication trees, a noteworthy feature in ForgeRock’s suite of solutions. Authentication trees offer a flexible and customizable approach to authentication that allows businesses to design their unique user journey, enhancing security and user experience.
Lastly, we delve into the innovative world of behavioral biometrics, a technology that brings a new level of security by studying the user’s behavior during the login process. This cutting-edge technology enables businesses to increase security and reduce friction during the authentication process, providing a seamless blend of security and user convenience.
Chapter 6, Federated SSO with PingFederate and 1Kosmos
Chapter 6 is dedicated to a comprehensive exploration of PingFederate, a versatile solution for user authentication and SSO. In this chapter, we also introduce 1Kosmos, a provider of passwordless MFA that offers an improved, frictionless, and secure experience for workforce users.
We start the chapter by providing an overview of PingFederate and its ability to facilitate federated SSO. This allows users to access multiple applications with single login credentials, significantly enhancing user convenience without compromising security.
The chapter then pivots to introduce the concept of passwordless authentication – a technology that seeks to eliminate passwords as a point of vulnerability in the security architecture. We delve into how this innovative approach can enhance user experiences while maintaining high security standards.
Finally, we introduce 1Kosmos and its unique contribution to passwordless MFA with verified identities. 1Kosmos not only removes the password from the equation but also verifies the identity of users through robust biometric checks, adding another layer of security.
Chapter 7, MFA and the Cloud – Using MFA with Amazon Web Services
Chapter 7 introduces how businesses such as Acme can leverage Amazon Web Services (AWS) for their IAM needs. Given the trend of companies increasingly adopting cloud platforms to develop and deploy their products and services, understanding AWS’s IAM services is crucial for workforce and customer enablement.
We introduce AWS IAM, explain its features and capabilities, and demonstrate how it can help businesses manage and secure access to their AWS resources effectively.
Next, we shift focus to workforce users. We discuss how AWS can be utilized to manage and protect workforce identities, ensuring secure access to necessary resources while maintaining the ease of operation for users.
Finally, we discuss Amazon Cognito, an AWS service that enables easy and secure user sign-up and sign-in. We cover how Cognito can be leveraged to authorize Acme’s customers and end users, providing a seamless and secure user experience.
Chapter 8, Google Cloud Platform and MFA
Chapter 8 concludes our exploration of the big three cloud platform service providers—AWS, Microsoft Azure, and Google Cloud Platform (GCP)—each bringing unique strengths. In this chapter, we focus on GCP, rounding out our coverage of these dominant players in the cloud computing market.
We’ve previously delved into AWS and Azure, highlighting their unique offerings and applicability to businesses such as Acme. Now, we turn our attention to GCP, which prides itself on its machine learning and data analytics capabilities among its cloud services.
This chapter discusses Google Cloud Identity, examining its features and capabilities and how it fits into the overall landscape of GCP’s cloud services. We also touch on the Google Cloud Identity Platform, GCP’s robust IAM solution, which enables businesses to manage their user identities seamlessly across their applications.
Chapter 9, MFA without Commercial Products – Doing It All Yourself with Keycloak
Chapter 9 introduces readers to Keycloak, an open source IAM solution. As Acme Software seeks to explore options beyond traditional commercial products for its expanding IAM infrastructure, Keycloak offers a viable, cost-effective, and flexible alternative. This chapter aims to help Acme and readers understand Keycloak’s potential to streamline authentication and authorization processes for the workforce and customers.
We begin by defining the Keycloak server, explaining its role in IAM, and elucidating its core features.
The chapter then explores the functionalities of Keycloak’s administration console, providing insights into the flexibility and control it offers. We delve into using Keycloak for SSO, a feature that enhances user convenience and security.
Keycloak’s MFA capabilities are also investigated, underscoring the software’s commitment to robust security. By comparing Keycloak to other commercial products, readers will gain a comprehensive perspective on its relative strengths and areas of consideration.
Chapter 10, Implementing MFA in the Real World
Chapter 10 steers the reader toward a deeper understanding of cybersecurity from a business perspective. We explore the business implications of cybersecurity, its role in safeguarding organizational assets, and the associated legal and ethical responsibilities of an organization’s leadership.
Firstly, we delve into the business side of cybersecurity, discussing the importance of authentication and the broader impact of cybersecurity on business functions. Next, we articulate how cybersecurity, far from being a mere technical concern, is intrinsically tied to a business’s viability and reputation.
Subsequently, we provide insights on how to bolster cybersecurity within organizations. This section delves into proactive measures that businesses can adopt to stay ahead of emerging cybersecurity threats.
Finally, we offer practical strategies for implementing MFA in real-world settings. By highlighting the best practices and potential pitfalls, this chapter provides a roadmap for businesses to effectively leverage MFA to enhance their cybersecurity posture.
Chapter 11, The Future of (Multifactor) Authentication
Chapter 11, our final chapter, takes you on an expedition into the future, exploring how the emergence of Web 3.0 will reshape the landscape of digital identity and authentication. As we stand on the precipice of this digital revolution, we investigate the transformation that will ensue, emphasizing the implications for security, privacy, and user experience.
First, we introduce the concept of the Web 3.0 ecosystem, explaining its decentralization philosophy and how it will influence the nature of digital identity. Then, we discuss how Personally Identifiable Information (PII) will become more significant and unique in human and machine interactions in this new world.
We then delve into product trends, analyzing emerging technologies, such as verifiable credentials and innovative authentication mechanisms powered by blockchain and smart contracts.
Our exploration continues with the future of MFA, addressing topics such as passkey management, continuous authentication, and the potential of passkeys as a phishing-resistant MFA offering.
Chapter 11 culminates by pondering what lies ahead, leaving readers with a sense of anticipation and a broader understanding of the exciting possibilities that Web 3.0 brings to digital identity and authentication. This final chapter provides a peek into the future and equips readers with the knowledge required to adapt to and embrace the transformative wave of Web 3.0.