SafetyDetectives spoke with Hideez founder and CEO Oleg Naumenko. He is currently in Ukraine and has volunteered to help the government improve its cybersecurity by upgrading the infrastructure, eliminating vulnerabilities, and integrating the new passwordless authentication standard for free. We also talked about Hideez, and he gave some tips for improving your cybersecurity.
— I’m here with Hideez founder and CEO Oleg Naumenko. Thank you for taking the time to speak with me. What motivated you to start Hideez?
Hideez is a relatively young company that was founded in 2017. Our brand story began with my personal security incident. A few years ago, my email and social media accounts got hacked due to a leaked password. Attackers were able to withdraw a decent amount of money from my bank account, and it made me rethink my approach to data security. Eventually, I came up with the idea of creating a pocket device that can securely store and automatically fill in user credentials. And this is how our brand was born.
— Tell me about Hideez; what is your flagship product?
After a cybersecurity startup accelerator, our company has shifted its focus from B2C to the B2B market. We developed a universal identity and access management solution that can be used in a wide range of fields, including banking, healthcare, government, and other domains.
Our flagship product is the Hideez Authentication Server which allows using passwordless authentication tools with any service, even legacy ones. Our server has been developed based on FIDO2, an open authentication standard that harmonizes and simplifies the user online authentication experience. All FIDO specifications use public key cryptography to provide the most secure method of passwordless authentication.
Apart from the server, our enterprise solution includes a mobile app supporting passwordless authentication and passwordless desktop login and hardware security keys that work as handheld password managers and OTP generators on top of the above-mentioned features. In both cases, these authentication tools are much more secure and robust as compared with traditional passwords.
— Why are IAM and passwordless authentication such critical cybersecurity tools?
90% of all cyberattacks like phishing, ransomware attacks, and man-in-the-middle attacks stem from leaked user credentials. Using passwords as a primary authentication method is an outdated and dangerous habit that may result in heavy losses, especially if we talk about large companies. A transition to passwordless authentication is currently the most effective way to secure employee credentials and prevent data breaches in the long run.
— I understand that you are involved in strengthening the Ukrainian digital defense system. Can you elaborate on your efforts?
Since February 24, 2022, Ukraine has been facing a real next-gen hybrid war. Russian power structures have been attacking not only our territory, but also our critical infrastructure in cyberspace. Unfortunately, not all critical infrastructure providers are able to withstand those attacks.
This is why our team decided to voluntarily help Ukrainian agencies to upgrade infrastructure, eliminate vulnerabilities, and integrate the new passwordless authentication standard. We received government certification of compliance and began deploying our solution in state-owned companies for free.
— What are some of the main cyberattacks coming from Russia, and how does your technology prevent them from inflicting damage?
Most of the cybersecurity attacks in Ukraine are focused on user credentials. Therefore, government agencies and critical infrastructure providers are motivated to shift from password-based authentication to passwordless authentication at an accelerated pace.
Due to constant rush and overly stressful conditions, many employees can’t do their work efficiently. When they work during constant air raids and missile strikes, they can’t think about passwords and conformance to security policies. Workers often forget their passwords and lose access to their accounts even under normal operating conditions, not to mention during stressful wartime.
Anyway, our passwordless authentication system is not only about secure authentication. It improves user experience and brings the entire credential management system to a new level of quality, helping employees stay more productive.
— What can an average person, both in Ukraine and around the world, do to improve their online security and avoid things like phishing attacks and MITM attacks?
Every person regularly uses over 30 accounts across different websites and services. Most of them store personal information, and we should all think about their privacy. It has long been proven that traditional two-factor authentication is not safe enough. Nor are passwords, even the longest and most complex ones.
I recommend using hardware security keys for accessing the most critical services and software authenticators for services that are less important. Modern services like Gmail, Facebook, and Office 365 already support FIDO-based authentication, so you can easily secure your privacy with one of the above-mentioned methods of passwordless authentication.