Sign up to save your podcasts
Or
Share From SMS to FIDO2: A Small Business Guide to Phishing‑Resistant Authentication
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
From SMS to FIDO2: A Small Business Guide to Phishing‑Resistant Authentication
In this episode of the Small Business Cybersecurity Guide, hosts Noel Bradford and Mauven McLeod are joined by Mark Bell from Authentrend (episode sponsor) to explain why the mobile phone, long promoted as a convenient authentication tool, can be one of the weakest links in your business security.
Using real-world examples, including a recent breach of a 15-person firm that relied on SMS one-time passwords, the trio outlines how simple attacks, such as SIM swapping and code interception, make SMS and many authenticator app workflows vulnerable to targeted attackers.
The hosts define multi-factor authentication in plain terms and introduce FIDO2/passkeys and hardware security keys as effective, phishing-resistant alternatives. Mark describes how hardware keys utilise public-key cryptography and local biometric verification (fingerprint on the key), ensuring that private credentials never leave the device, thereby preventing attackers from reusing intercepted codes or tricking users into authenticating to fake sites.
Practical implementation advice is covered in detail: start with a risk assessment, deploy keys in phases (prioritise privileged accounts and executives), run a pilot with high-risk users, and require at least two keys per user for redundancy. They discuss costs (roughly £45 per key, with a 10-year lifespan), the productivity and help-desk savings from passwordless authentication, the effects on cyber insurance and compliance (including Cyber Essentials updates and the gap between compliance and proper protection), and strategies for legacy systems and remote workers.
The episode also highlights human factors, including making authentication easy to use (biometric keys), providing clear training and internal champions, and anticipating user resistance, which can be managed through leadership buy-in and phased rollouts.
Listeners are urged to assess their critical accounts, prioritise hardware keys for high-risk users, and run a small pilot rather than waiting for discounts — because, as the guests stress, hardware keys can stop roughly 80% of credential-based breaches in practice.
Guests and links: Noel Bradford and Mauven MacLeod (hosts), with guest Mark Bell from Authentrend
The show notes include links to Authentrend products,NCSC guidance on passkeys and FIDO2, and step-by-step implementation resources for small businesses.
View all episodes
By The Small Business Cyber Security GuyIn this episode of the Small Business Cybersecurity Guide, hosts Noel Bradford and Mauven McLeod are joined by Mark Bell from Authentrend (episode sponsor) to explain why the mobile phone, long promoted as a convenient authentication tool, can be one of the weakest links in your business security.
Using real-world examples, including a recent breach of a 15-person firm that relied on SMS one-time passwords, the trio outlines how simple attacks, such as SIM swapping and code interception, make SMS and many authenticator app workflows vulnerable to targeted attackers.
The hosts define multi-factor authentication in plain terms and introduce FIDO2/passkeys and hardware security keys as effective, phishing-resistant alternatives. Mark describes how hardware keys utilise public-key cryptography and local biometric verification (fingerprint on the key), ensuring that private credentials never leave the device, thereby preventing attackers from reusing intercepted codes or tricking users into authenticating to fake sites.
Practical implementation advice is covered in detail: start with a risk assessment, deploy keys in phases (prioritise privileged accounts and executives), run a pilot with high-risk users, and require at least two keys per user for redundancy. They discuss costs (roughly £45 per key, with a 10-year lifespan), the productivity and help-desk savings from passwordless authentication, the effects on cyber insurance and compliance (including Cyber Essentials updates and the gap between compliance and proper protection), and strategies for legacy systems and remote workers.
The episode also highlights human factors, including making authentication easy to use (biometric keys), providing clear training and internal champions, and anticipating user resistance, which can be managed through leadership buy-in and phased rollouts.
Listeners are urged to assess their critical accounts, prioritise hardware keys for high-risk users, and run a small pilot rather than waiting for discounts — because, as the guests stress, hardware keys can stop roughly 80% of credential-based breaches in practice.
Guests and links: Noel Bradford and Mauven MacLeod (hosts), with guest Mark Bell from Authentrend
The show notes include links to Authentrend products,NCSC guidance on passkeys and FIDO2, and step-by-step implementation resources for small businesses.