Limit rising security threats with passwordless MFA from Transmit Security and Microsoft

by Contributed | Jan 31, 2023 | Technology

This article is contributed. See the original author and article here.

In this guest blog post, Ravit Aviv, Technology Alliances Director at Transmit Security, discusses passwordless multifactor authentication and how Transmit Security works with Microsoft Azure Active Directory B2C.

We are all too familiar with the problems of passwords. New data from Microsoft provides a unique perspective on the state of cybersecurity based on 43 trillion signals from billions of logins every day. The 2022 Microsoft Digital Defense Report reveals:

• The volume of password attacks has risen to roughly 921 attacks every second.


• Password attacks increased 74 percent in the past year.


• Roughly 20 percent of people reuse the same passwords for many websites and apps, making them easy targets for credential stuffing or password spraying.


• Over 90 percent of accounts compromised by password attacks lack strong multifactor authentication (MFA), like SMS OTPs or FIDO2 authentication.

The report goes on to say, “We have seen a rise in targeted password spray attacks, with very large spikes in the volume of attacker traffic spread across thousands of IP addresses.” The attackers’ efforts to hide from standard defenses and remain untraceable highlight yet another problem. Threats are growing more sophisticated.

Why replace passwords and basic MFA?

MFA has become essential to fend off the growing volume of digital identity threats and prevent account takeover (ATO) fraud. But for many organizations, SMS one-time passcodes (OTPs), magic links, and authenticator apps add more friction than their customers will tolerate.

More importantly, these multi-step MFA methods are still vulnerable to smishing, man-in-the-middle, and other attacks, resulting in a clunky customer experience that is susceptible to compromise.

PSD2 compliance: Is your MFA strong and simple enough?

To comply with security regulations like PSD2’s strong customer authentication (SCA), most financial services use SMS OTPs or an authenticator app. But the added friction of having to download and use an app reduces the customer adoption rate, and OTPs can lead frustrated customers to call support or drop off entirely.

The combination of an OTP and a password technically meets the requirement for two factors, but this won’t prevent ATO fraud if the device is infected with spyware or the session is hijacked. To take over accounts at scale, hackers are now using OTP interception bots that make it easier than ever to snag passcodes in transit. Plus, some bad bots bypass OTP authentication altogether.

How passwordless MFA works differently

When you authenticate customers based on FIDO2, the most current set of passwordless standards by the FIDO Alliance, you know who is accessing the account. And, if done correctly, you completely eliminate shared secrets — not just passwords but OTPs and all data that could expose you to attacks.
With true passwordless authentication, customers simply use a fingerprint or facial biometric to achieve the strongest form of MFA in one simple user action. Logging in is faster, easier, and vastly more secure.

How is it multifactor? Only the real customer’s biometric (inherence factor) unlocks a private key (possession factor) stored on the user’s device.

What’s to prevent the biometric and private key from being compromised? By leveraging public key cryptography (PKI), the biometric and the private key remain secure, never leaving the user’s device. The private key signs the authentication challenge, and only the signed challenge, void of any identifying data, is sent over the web. On the receiving end, the matching public key is used to verify the challenge. It all happens in a few seconds, and you’ll know who the individual is with a high level of confidence.

Key differentiators to look for in a passwordless solution

• MFA by design: Methods should include FIDO-based passwordless and passkeys.


• With or without an app: Gain flexibility to optimize customer experience and security as needed.


• Omnichannel experiences: Let users move across channels with a single identity.


• Multi-device support: Enable users to log in from any of their devices.


• Ease of deployment: Plug-and-play services optimize all scenarios and flows.


• Continually updated for compliance: Stay in compliance with a service that’s continually updated to meet the latest requirements.
  
  

Integrate Transmit Security passwordless MFA with Azure AD B2C

You can now fortify Microsoft Azure Active Directory B2C with Transmit Security passwordless MFA (available in the Azure Marketplace), designed to authenticate customers based on their true identities.

With Transmit Security, customers only register one account with your business and then log in with a biometric on any channel, using any of their devices, without ever entering a password or storing credentials in the cloud. Our unique device-binding method makes it easy and secure for customers to transfer trust to any of their devices, binding them all to one unified identity.

This cloud-native service seamlessly integrates within your new or existing Azure implementation. Passwordless MFA works alongside all methods of authentication provided by Azure AD B2C and supports other implementations like FIDO passkeys, an extended version of FIDO credentials. This allows you to give customers login options that satisfy their preferences while enhancing your security posture. Over time, you’ll be able to transition all customers to passwordless.

In a press release announcing support for the FIDO standard, Alex Simons, Corporate Vice President, Identity Program Management at Microsoft, said, “The complete shift to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multifactor authentication methods used today.”

“Microsoft is thrilled to have Transmit Security as a Solutions Partner for Security,” said Yvonne Muench, Senior Director - Marketplace & ISV Journey at Microsoft. “Transmit Security is committed to helping Microsoft customers leverage the benefits of passwordless authentication via Microsoft Azure Active Directory B2C. Having an experienced and trusted security partner like Transmit Security building on and augmenting native Azure capabilities really helps support and drive the vision of a passwordless future.”

Visit Microsoft Learn for a simple step-by-step guide on how to configure Transmit Security passwordless MFA with Azure AD B2C. You can customize or brand the UI and roll out hundreds of user flows out of the box. It’s easy to set up secure and smooth password-free experiences across all channels and devices.

Secure the full identity lifecycle

By removing customer passwords, your greatest security risk is gone. But today’s more sophisticated ATO fraud can compromise customer accounts before, during, and after the login. By implementing passwordless MFA as well the Transmit Security Account Protection service, you’ll seal the cracks across the full identity lifecycle.

Real-time risk and trust assessments correlate hundreds of signals to detect signs of ATO fraud anywhere in the customer journey, from registration to account recovery and every step in between. Any time risk is detected, you can challenge the user with true passwordless MFA. Together with Azure AD B2C, you’ll gain a formidable defense against ATO fraud.

Explore what you can do with Azure AD B2C and Transmit Security.

New transactable offer from Airplane Solutions in Azure Marketplace

by Contributed | Jan 30, 2023 | Technology

This article is contributed. See the original author and article here.

Microsoft partners like Airplane Solutions deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about this offer below:

Airplane Pricing: This SaaS solution handles large volumes of transactions quickly and accurately while providing real-time fare quotes for airlines, trains, and shipping companies. With Air Pricing, you can reduce GDS cost and dependencies by 75 percent of the distribution cost for direct channels. You can also integrate this tool with other inventory systems such as Amadeus, Navitaire, or airline passenger service systems.

Getting started with ML.NET

by Contributed | Jan 28, 2023 | Technology

This article is contributed. See the original author and article here.

What is ML.NET

Machine learning (ML) is everywhere. We use ML empowered applications every day: when choosing the next TV series to watch based on Netflix recommendations for example, or when asking Alexa to play our favorite song. Soon every application on every platform will incorporate some ML capabilities, empowering the application itself and making it smarter.

This is the key reason why ML has been added into the .NET ecosystem a few years back, by creating an open-source framework (ML.NET) which enables developers to train, build and ship custom ML models for a wide range of scenarios (sentiment analysis, forecasting, recommendations and more). Since then, the framework has evolved a lot, incorporating new features, with the preview release of the latest version (ML.NET 3.0) being announced a few weeks ago.

Now, you could argue that there’s tons of ML frameworks over there, so what’s the difference between ML.NET and the most common frameworks for data scientists (like scikit-learn, pytorch or tidyverse)?

• ML.NET is not designed for data scientists only: people with different levels of ML understanding can empower their .NET solutions with some kind of AI. And this is immediately clear when thinking about the languages used for ML models development in this framework (C# and F#) which are the standard languages for .NET ecosystem, but not the languages traditionally used for data science and modeling – Python and R.


• Another characteristic of this framework, which makes explicit the mission of democratizing the art of ML, is the availability of a graphical user interface as a Visual Studio component (called Model Builder) to build and deploy ML models in a few clicks.


• Also, key objective of this framework is to make ML consumable, by providing tools to automatize not only the model training process but also some of the classical MLOps tasks, like model maintenance (retraining) and integration of the model in a client application.

Model builder

We mentioned that one of the key differentiators of this framework is Visual Studio Model Builder feature. And it is also the best place to start for ML beginners that wish to train a custom model on their scenario and data, and then consume it in their application.

After installing the Model Builder component, you can open its user interface (UI) from Visual Studio by right clicking on the project item of your solution in Solution Explorer and then selecting “Add -> Machine Learning”.

At this point, Model Builder provides you with a step-by-step procedure to import data, train and evaluate custom ML models for the scenario that best suits your application’s needs.

You can choose between different kinds of scenarios, including:

• Classical ML use cases – like classification or regression: Model Builder uses Automated ML to train multiple models from your data in parallel and then pick the best one according to pre-defined evaluation metrics.


• Deep learning use cases – like image or text classification: Model Builder uses your data to fine tune pre-trained deep learning models (e.g. NAS-BERT or Inception).

In any case, once training is completed, Model Builder generates the code that you can use to re-train the model (for example to tune hyperparameters or update the dataset) and consume it in your app.

ML.NET API & AutoML

The ML.NET API enables you to integrate machine learning into your new or existing .NET applications by installing the Microsoft.ML NuGet package. This option might be for you if you’re familiar with ML and looking for ways to best leverage ML in your application, with the familiarity of the .NET platform in C# or F#.

ML.NET is supported on:

• .NET


• .NET Core 2.0 and above


• .NET Framework 4.6.1 and above.

You can also automate the process of applying machine learning, known as AutoML through the API. The typical ML workflow includes the iterative steps of preprocessing, training, and evaluation, repeating these steps until it reaches the desired results. With each iteration optimization techniques applied during the training and evaluation phases select the best algorithm and hyperparameters. If you’re a beginner to ML but want to use AutoML in your application, you can use the defaults provided in the API and let AutoML handle the rest. The API also enables experienced users to extend the defaults and customize the model. The AutoML API can be found within the Microsoft.ML.AutoML package on NuGet.

Model deployment

When your model is complete, there are various options for deploying it to the cloud with Azure. We’ll walk through how you can deploy your model to the cloud as a web API in Azure App Service, Azure Container Apps or Azure Functions.

Consuming a trained model begins with saving and exporting it. An exported model can be used with any .NET application or Azure Function through the ML.NET API in C# or F#. To use it, you’ll first add the exported model to the project, then use the API to import and load the model and finally add input data to make predictions. Refer to the documentation on options and tutorials on how to export and load your models with either the ML.NET Model Builder or ML.NET API.

In an ASP.NET application, whether it’s a web app like Razor Pages or an API, you’d use a controller class to access your trained model to use any input from a HTTP request or return predictions in a response, in addition to other controller tasks. To deploy your ASP.NET application to Azure, first build it locally in Visual Studio, then deploy it to App Service or Azure Container App through Visual Studio’s Azure development workload.

With Azure Functions you can run small pieces of code in a serverless environment in the cloud via triggers, which will run the functions code and define how it’s invoked. This is a cost-effective option for consuming a model across various applications. One option for integrating a model into a function is through an HTTP trigger, which invokes the function via an HTTP request, where your trained model can use input data from an HTTP request and send predictions in a response. With the Azure development workload in Visual Studio, you can create and test a local function with your trained model, and finally deploy your function to Azure.

How to get started?

ML.NET enables all .NET developers any level of data science experience can build ML models with the tools and platform they know. With a variety of scenarios to choose from, you load data to build a model with the Model Builder in Visual Studio or the ML.Net API.  You can build ML pipelines that automate iterative steps within the workflow, creating the best version of your model. ML powered projects can be deployed to various platforms, including the cloud where a deployed ML.NET model can consume new data and return results, enabling end users to leverage ML within your application.