Phishing Resistant Authentication: Options are Getting Better

What's the largest part of the attack surface of any organization? It's the identity.

Password fishing (phishing) is the most successful attack technique, with insecure password logins being responsible for over 80% of data breaches. Furthermore, passwords are a productivity drain: 20-50% of helpdesk calls are password-related.

Ransomware threat actors will focus on compromising identities, i.e. tricking users into revealing credentials or exploiting weak authentication (such as a lack of multifactor authentication). Once they gain a foothold in an organization as a legitimate user, it's much easier to move laterally, escalate privileges, etc.

Attackers are so focused on breaching credentials (mostly via phishing) that a case can be made that ransomware is mainly an identity attack problem.

That's why phishing-resistant multifactor authentication (MFA) is rapidly gaining traction, chiefly FIDO2 passkey-enabled tokens.

The market is developing fast and vendors such as Thales are introducing new options all the time.

The Thales IDPrime FIDO Bio Smart Card is a good example: it combines NFC, for easy interfacing with laptops and smartphones, with fingerprint biometrics.


