Many organizations are moving beyond passwords to secure, phishing-resistant forms of multi-factor authentication (MFA) for both computer and network login. Because of this shift, print dealers need to understand the new requirements and prepare to help clients implement phishing-resistant MFA for print, computer and network security. Solutions that use existing employee ID badges or access credentials as a simple yet highly secure method of logical access for PCs and networks are a natural way for print dealers to expand their Radio-Frequency Identification (RFID) reader business beyond secure print management.
The Move to Phishing-Resistant MFA for Computers and How Print Dealers Can Help
The Cybersecurity & Infrastructure Security Agency (CISA) recommends phishing-resistant forms of MFA for maximum security. Phishing-resistant MFA is increasingly required by cyber insurance companies to reduce risk. For organizations that handle sensitive data, it can also help maintain compliance with regulatory requirements for information security, such as ISO/IEC 27001, the Federal Information Security Management Act (FISMA) for government agencies, HIPAA for health care providers, the Family Educational Rights and Privacy Act (FERPA) for educational institutions and the American Bar Association (ABA) Model Rule 1.6(c) for lawyers.
Print dealers are in a great position to help clients navigate this emerging cybersecurity landscape and protect not only printed information but also computers, networks and data. Most dealers already offer software solutions for print management and security along with multifunction networked printers designed to work with employees’ existing physical access credentials (badges, smartcards or mobile) for secure print release. They can now add a new solution that meets modern cybersecurity requirements for computers and network or application login: passwordless login via RFID or near-field communication (NFC) credentials with optional true MFA. In addition to creating a new sales opportunity, offering RFID and mobile credential readers for computer and network login positions print dealers as leaders in total office equipment security.
What Is Phishing-Resistant MFA?
Phishing-resistant forms of MFA are those that reduce the risk of login credentials being acquired by bad actors either through phishing (tricking users into divulging the information or entering it into a fraudulent website) or other means of data interception. Phishing-resistant MFA eliminates the most vulnerable elements of the login process: the username and password.
Currently, the most common forms of MFA include push notifications to a trusted device (e.g., the user’s smartphone) or one-time codes, which may be sent by email or SMS text or generated by an authentication app on the user’s phone. After entering their login credentials, users must hit “accept” on the push notification on their phone or enter their one-time code into a separate screen. These methods can significantly reduce the risks presented by stolen or compromised passwords, but they aren’t perfect.
- Users can still be tricked into entering one-time codes and user credentials into a fraudulent login screen, giving threat actors access long enough to take control of the account, steal data or disrupt business systems.
- Sophisticated social engineering attacks, such as phone calls from cybercriminals pretending to be part of corporate IT, can manipulate users into revealing their one-time codes or accepting a suspicious login via push notification.
- One-time codes sent via text can be intercepted using attacks such as SIM swapping or exploiting vulnerabilities in communication architecture.
- One-time codes are also highly cumbersome for users, slowing the login process and resulting in many more failed login attempts. As users typically must log in to various systems and devices many times over a workday, this adds up to significant losses in overall productivity for organizations.
The adoption of phishing-resistant MFA for computers significantly reduces user-related vulnerabilities. By eliminating the need for users to input cumbersome passwords during the authentication process, these methods prevent the possibility of users inadvertently divulging critical information. Forms of MFA that don’t require direct user input of sensitive information can include:
- FIDO2 security keys with PIN: These keys support passwordless authentication, allowing users to access services securely via a known device (e.g., phone or computer) using local authentication to prevent interception. A PIN or password can be added for multi-factor authentication.
- RFID cards or smartphone credentials with PIN: This method combines a physical RFID card (such as an employee ID badge) or NFC mobile credential (on a smartphone) with a PIN. Authentication requires the physical presence of the card or smartphone, rendering any intercepted PIN ineffective without the corresponding physical token.
How Print Dealers Can Help Clients Prepare
Many organizations using print management software already have their printers secured with RFID readers, enabling users to unlock the printers with an RFID card or smartphone. Others opt to use a PIN or password at the MFP. Given that upcoming regulations or cyber insurance requirements may require MFA at the printer in many industries, dealers should be recommending the RFID option to customers to future-proof their systems. Organizations of all sizes should plan to implement MFA soon as part of a broader zero-trust cybersecurity framework. It’s one of the three essential components recommended by CISA for all companies to lower the risk of ransomware and cyberattacks.
By educating customers on this issue and offering MFA solutions for computer and network login using the very same RFID readers as the MFPs, print dealers can establish themselves as valued partners in helping companies meet emerging cybersecurity requirements. Print dealers can help customers implement a passwordless, phishing-resistant MFA solution for computers using the same RFID readers already in use for print security. When applied as part of an MFA solution for computer login, RFID offers similar advantages—namely efficiency and security—plus the additional benefits of compliance (insurance, regulations, etc.) and real cost savings. These benefits are achieved through:
- Simplify device login: Using a physical card, token or smartphone to unlock device access instead of a username and password significantly speeds up the process for users. Instead of typing a long password and checking their phone for a push notification or short-lived login code, they simply present their card or phone and enter a simple PIN.
- Improve device security: MFA solutions using RFID/NFC make it impossible for attackers to trick users into revealing their passwords. These solutions can meet NIST, HIPAA and defense contractor requirements for MFA security.
- Cost savings: Help desk calls and productivity downtime for forgotten passwords or lockouts have significant costs. Even the time required to type (and often retype) complicated passwords multiple times per day can add up over the course of a year, to the point that the efficiency savings with tap-to-login are enough to pay for the solution itself.
- Unify information security: The same combination of card/smartphone and PIN can be used for both logical access (to business systems and networks) and physical device access (to computers and, potentially, printers). This creates a unified information security architecture that’s simpler for both users and IT to manage.
For most organizations, the simplest way to implement phishing-resistant MFA for information security is by leveraging the RFID card employees already use for building access and identification. Passwordless login to computers, printers and business networks using an ID card and PIN is highly secure, simple for employees, and free of the risk of phishing or interception of user credentials. A universal RFID reader can support both traditional cards and newer mobile credentials for maximum flexibility.
Print dealers are well positioned to help their clients make the switch to phishing-resistant MFA for all their office devices. Expanding their focus beyond printers to computers and other types of office equipment represents a new sales opportunity for RFID readers. At the same time, print dealers will be helping their clients modernize information security systems and meet emerging insurance and regulatory standards for cybersecurity.