A recent NIST study has found that users are experiencing 'security fatigue'.
Security fatigue is caused by users having to remember yet another password, register for yet another online service, or being told they must do (or not do) something related to IT security. The impact is poor security, which leads to cyber-attacks and lost business.
Even if it costs more, it’s often easier to buy something from an online retailer that we’ve already registered with, simply because it means we won’t have to register for another shopping cart with yet another new password. Businesses are losing customers because of this kind of fatigue.
Reusing passwords between services weakens a user’s online security and risks exposure to hackers: if your password is stolen from one site, it can be used on another. At the time of writing, 1.8 billion usernames and passwords exposed in data breaches are available on the dark web, and we can be pretty sure that cyber criminals are using them for personal gain of some sort.
All of this is security fatigue: it’s a real problem, and one that will only get worse, as we continue to expect users to remember lots of different passwords and requirements. As well as making life more difficult than it needs to be for the user, it means storing user credentials within your online service – a process which opens you up to hackers, who might be looking to sell these credentials on.
Fortunately, there is a solution available which can help with these issues! By removing the need to store credentials and allowing the user to use a credential that they already have and probably use daily, Azure Active Directory B2C can reduce security fatigue.
Azure Active Directory B2C is a new service from Microsoft which, through the provision of identity management, allows you to concentrate less on the issue of authentication and more on the features of your online applications.
Users can sign in with a social login such as Facebook, Amazon, Google, etc., with email and password as a backup if they don’t use any of the configured providers. Subsequent authentications are simple, as the user just needs to remember which provider they chose during registration. As a result, they don’t have to remember yet another password; they’re using credentials they already use every day. What’s more, you don’t have to store their credentials, which reduces the size of your attack surface.
Integration into your application is relatively simple, with Microsoft providing libraries that do all the heavy lifting around authentication. The libraries are available in several flavours (.NET, PHP, etc.), and as B2C uses standards-based OpenID Connect and OAuth behind the scenes, any standards-compliant library will work. Additionally, plugins for popular applications such as WordPress are already available, making basic implementation nothing more than a configuration exercise.
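To make the "standards-based OpenID Connect" point concrete, here is an added example (not ThirdSpace's or Microsoft's code, and not one of the libraries mentioned above) of the client-side steps a standards-compliant library performs when it sends a user to a B2C-hosted sign-in page and later accepts the identity that comes back: a PKCE pair, the authorization request, the state check on the callback, and the claim checks on the ID token. Python and the standard library are used so the logic is visible; the tenant name, policy name, client id, redirect URI and endpoint layout are assumptions, and the sample claims are constructed. Signature verification against the tenant's published keys is deliberately left to a real OIDC library and must happen before the claim checks shown here.

```python
"""Client-side pieces of an OpenID Connect authorization-code flow with PKCE,
as performed against an Azure AD B2C tenant. Added example: not the post's,
ThirdSpace's or Microsoft's code. Tenant, policy, client and endpoint values
are assumptions; only the Python standard library is used."""
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values: replace with your own tenant, user flow (policy) and app registration.
TENANT = "contoso"                                   # hypothetical tenant name
POLICY = "B2C_1_signup_signin"                       # hypothetical user-flow name
CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # placeholder app (client) id
REDIRECT_URI = "https://app.example/auth/callback"   # hypothetical redirect URI

# Assumed B2C endpoint layout: policy name in the path, v2.0 authorize endpoint.
AUTHORITY = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/{POLICY}"
AUTHORIZE_ENDPOINT = f"{AUTHORITY}/oauth2/v2.0/authorize"


def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE and JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """RFC 7636: a random code_verifier and its S256 code_challenge.
    The verifier stays in the server-side session; only the challenge is sent."""
    verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorize_url(state, nonce, code_challenge, scopes=("openid", "offline_access")):
    """Redirect target that sends the user to the B2C-hosted page, where the
    configured social providers and the email/password fallback are offered."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,                      # binds the callback to this session
        "nonce": nonce,                      # binds the ID token to this session
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Extract the authorization code, refusing a callback whose state does not
    match the one stored in the session (cross-site request forgery check)."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response not bound to this login attempt")
    if "error" in query:
        raise ValueError(f"authorization error: {query['error'][0]}")
    return query["code"][0]


def validate_id_token_claims(claims, expected_issuer, expected_nonce, now=None):
    """Claim checks for an ID token whose RS256 signature has ALREADY been
    verified against the tenant's JWKS (advertised in its discovery document);
    a real client must do that with an OIDC library before trusting any claim.
    expected_issuer is the 'issuer' value from that same discovery document."""
    now = int(time.time()) if now is None else now
    if claims.get("iss") != expected_issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token not issued for this application")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    if claims.get("nbf", 0) > now:
        raise ValueError("token not yet valid")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: token not bound to this login attempt")
    # The application keeps only an identifier and which provider was used;
    # no password is ever stored. 'idp' is assumed to be emitted by the tenant.
    return {"sub": claims["sub"], "idp": claims.get("idp", "local")}


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_authorize_url(state, nonce, challenge))
    # Constructed callback and (already signature-verified) claims for the demo.
    code = parse_callback(f"{REDIRECT_URI}?code=demo-code&state={state}", state)
    sample_claims = {"iss": "https://issuer.example/v2.0/", "aud": CLIENT_ID,
                     "exp": 2_000_000_000, "nbf": 1_700_000_000,
                     "nonce": nonce, "sub": "user-guid", "idp": "facebook.com"}
    print(code, validate_id_token_claims(sample_claims, "https://issuer.example/v2.0/", nonce))
```

The code exchange itself (POSTing the code and verifier to the token endpoint over TLS) is the one network step not shown; it is where the library proves possession of the PKCE verifier, and the ID token it returns is what feeds `validate_id_token_claims` after signature verification.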
As the name suggests, Azure Active Directory B2C is built upon the already massively used Azure Active Directory, so you know it’s scalable, highly available and secure. It’s also customisable, allowing you to tailor the user experience and branding to your needs. You can gather additional information during registration, and this can be used within the application (e.g. home address).
If you have more than one application configured within your Azure AD B2C tenant, you will be able to reuse the registration and login information between the applications, giving you single sign-on (SSO) between applications.
By implementing Azure AD B2C for your online services you will not only help to reduce security fatigue for your users; you’ll also be able to use single sign-on between applications and reduce the attack surface of your application.
Next, download our e-Guide ‘Drive GDPR compliance with Azure AD B2C for web applications’. Find out how you can remove one of the weakest technological links in the struggle against cyber-crime.