TL;DR: Identity-based attacks are rising fast, with IBM cited in the source article as reporting a 71% increase in attacks using valid login credentials, while recent Snowflake-linked incidents exposed how stolen credentials and weak MFA coverage can cascade into large-scale customer data loss. Phishing-resistant authentication now matters because conventional MFA still leaves exploitable human and process gaps.
NHIMG editorial — based on content published by Axiad: Identity Gaps: The Need to Use Both x.509 & FIDO
By the numbers:
- IBM found a 71% rise in attacks using valid login credentials.
- 560 million Ticketmaster users' personal and payment details were exposed.
Questions worth separating out
Q: How should security teams reduce phishing risk in cloud authentication?
A: Start by removing reusable secrets and weak approval-based factors from the highest-risk access paths.
Q: Why do weak MFA deployments still lead to major breaches?
A: Weak MFA still leaves room for prompt fatigue, code interception, account reuse, and policy gaps across applications.
Q: What do organisations get wrong about certificate-based authentication?
A: They often assume certificates are just another login method, when they are really a way to bind identity to hardware-backed proof.
Practitioner guidance
- Inventory phishable authentication paths: Map all workforce, admin, and third-party access paths that still rely on passwords, OTPs, or push approvals.
- Replace weak MFA on high-risk accounts: Move the most sensitive accounts to phishing-resistant methods first, including hardware-backed certificate authentication and FIDO where supported.
- Close third-party and demo-account gaps: Review inherited, vendor, and demo accounts separately from employee accounts, because these paths are often excluded from central MFA policy.
What's in the full article
Axiad's full blog covers the operational detail this post intentionally leaves for the source:
- A step-by-step explanation of how x.509 certificate authentication works in enterprise environments
- A deeper walkthrough of FIDO passkeys, including where coverage gaps still exist
- Practical implementation examples for Windows, macOS, Salesforce, and Office 365 access
- Vendor-specific guidance on how the authentication flow fits existing IAM platforms
👉 Read Axiad's analysis of identity authentication gaps and phishing-resistant MFA →
x.509 and FIDO for cloud auth: are your controls keeping up?
Explore further
Phishing-resistant authentication is now an identity governance requirement, not an optional hardening step. The article’s central lesson is that cloud breaches increasingly begin with valid credentials rather than exotic exploitation. That shifts the control discussion from password strength to whether authentication can survive phishing, prompt abuse, and third-party exposure. Practitioners should treat resistant authentication as a baseline control for any account that can reach production or sensitive customer data.
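To make concrete why FIDO survives phishing where OTPs and push approvals do not, here is an added example (not code from the article or from Axiad) of the relying-party checks on a WebAuthn assertion: the browser writes the origin into clientDataJSON and the authenticator scopes the key to the RP ID, so an assertion produced on a lookalike or proxied site fails before any signature is checked. The RP ID, allowed origin, and the two helper functions that build sample data are constructed assumptions; verification of the signature over the returned bytes with the stored public key is left to the caller.

```python
import base64
import hashlib
import json

# Constructed sample relying-party (RP) configuration; not from the article.
RP_ID = "login.example.com"
ALLOWED_ORIGINS = {"https://login.example.com"}

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def check_assertion(client_data_b64, authenticator_data, expected_challenge, stored_counter):
    """Relying-party checks that make a FIDO/WebAuthn assertion phishing-resistant.
    Returns (ok, reason, signed_bytes). signed_bytes is what the authenticator's
    signature must cover (authenticatorData || SHA-256(clientDataJSON)); verify it
    with the credential's stored public key after these checks pass."""
    client_data_json = b64url_decode(client_data_b64)
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type", None
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay or stale)", None
    # Origin binding: the browser, not the user, fills this field, so a
    # lookalike domain or reverse proxy cannot produce an allowed value.
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {cd.get('origin')!r} not allowed", None
    # RP ID binding: the authenticator scopes the credential to this hash.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch", None
    flags = authenticator_data[32]
    if not flags & 0x01:  # UP bit: user presence was tested
        return False, "user presence not asserted", None
    counter = int.from_bytes(authenticator_data[33:37], "big")
    if counter != 0 and counter <= stored_counter:
        return False, "signature counter did not increase (cloned authenticator?)", None
    signed = authenticator_data + hashlib.sha256(client_data_json).digest()
    return True, "ok", signed

def make_client_data(origin, challenge):
    """Constructed helper: builds clientDataJSON the way a browser would."""
    raw = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_auth_data(rp_id, counter, flags=0x01):
    """Constructed helper: minimal authenticatorData (rpIdHash, flags, counter)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + counter.to_bytes(4, "big")
```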
A few things that frame the scale:
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months.
A question worth separating out:
Q: How do teams decide where to use FIDO versus certificates?
A: Use FIDO where supported applications and devices can rely on passkeys without fallback to weaker factors, and use certificates where enterprise workflows or platform coverage are not yet complete. The decision should be based on coverage, compatibility, and risk, not preference. The objective is consistent phishing resistance across access paths.
👉 Read our full editorial: Identity gaps in cloud auth show why phishing-resistant MFA matters