Decentralized Access Solutions

Prevent phishing and ransomware attacks

Why MyCena?

Centralised Access Accelerate Infections

For years, centralized and privileged access has paved the way for cyber-pandemics. Set up to be fast and convenient, they give a blanket access to users – and hackers – once through a main gate to all other systems. This approach facilitates lateral movement and creates the perfect launchpad for supply-chain and ransomware attacks.

If this sounds familiar, it is because that is how COVID-19 spreads: when you put everyone in the same room, if one person has COVID, the virus will quickly infect others too.

Lessons from microbiology

Microbiology was born in the 16^th century with the theory of contagious diseases. When COVID-19 hit the news, scientists knew exactly what first measures to take to stop the chain of contaminations. Almost overnight travels were halted, borders were shut and half the world went into lockdown. People were asked to stay home, social distance, wear masks and wash hands. Social gatherings were restricted as they multiply the risks of spreading the virus. (More…)

Decentralized access: the only path to cyber-resilience

To prevent a virus from spreading, the same rules apply in microbiology and cybersecurity. To mitigate viral pandemics, we apply social distancing, wearing masks and washing hands. To mitigate cyber pandemics, we need to apply systems distancing, protecting each system with strong unique passwords and decentralise credentials.

But the problem is our brain can’t create or remember those strong unique passwords. So we had to think of another way.

Trying to solve weak passwords

The human brain was never meant to create and remember strong unique passwords. So when people need dozens of passwords, they simply use the same simple password or password patterns they can remember. Hackers simply crack them using social engineering, brute force, credential stuffing, dictionary attacks, password spraying… over 80% of data breaches start with weak, reused and stolen passwords.

Why centralising access is unsafe

To go around the problem of people using weak passwords, a first generation of solutions centralised passwords on the cloud, giving people a single password to remember. But what was convenient for users was also convenient for hackers. From one breach, they could now access everything under that account.

Ironically, centralised access never solved the weak passwords issue. It just concentrated the problem in one place, making master passwords a massive blind spot for company security. Because brains still can’t remember strong passwords, people continue to use easy-to-remember passwords, even though these passwords meet the criteria of length, special characters, lower and upper case required. For example, Maria2020Mars123! Is 17 characters, fits all the criteria but is still weak and easy to crack.

The peril of privileged access

Some credentials have higher ROI than others. In the physical world, imagine if robbers wanted to steal from hotel rooms, they would try to get the master key from hotel managers to access all the rooms. Online, cybercriminals target IT and top executives to get their high privilege access keys, either directly or after breaching the network.

Increased third-party risks

Since many companies have interconnected networks through their supply chain, stolen credentials in one company often lead to a cascading effect of further breaches in their network.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication is great whenever possible. But hackers have become proficient at SMS interception and SIM swaps, so you just can’t rely on MFA for security, especially if your password is weak.

Is “passwordless” centralised?

“Passwordless” doesn’t mean passwords have disappeared from your company infrastructure. It just means people don’t need a password to open their main access. When that first door opens, all the other doors open from this one central command, therefore facilitating lateral movement for users and for hackers.

The risks of sharing your “identity”

After the cyber-pandemics of 2020 (SolarWinds, FireEye, Microsoft, US government agencies…) we can ascertain that in a global digital world, you should trust no one to keep your data safe. That is why fragile data like fingerprint, voice, face or retina… should never be shared nor stored on public servers. Unlike a password, they cannot be changed.

How to decentralise credentials safely

It took MyCena’s founder decades of struggling with her passwords – and a trip to the Ancient city of MyCenae – to find a way to safely decentralise credentials.

Passwords are just digital keys.

There is no need to create, type, memorize or even know your passwords to use them. You just need to be the only person who can safely look up them up and use them.

Inspired by the multi-layer security of the Ancient fortress city, we created a new way to use passwords called Method of Access for Structured Stored Data (patent-pending).

“Never memorize something that you can look up.” ― Albert Einstein

Passwords are just keys

In principle, passwords are just keys. When you need to open a door, you don’t have to create or remember a new key every time. You simply take the right key out and use it. MyCena applies that principle to passwords, which is actually an old concept. Just think about “Open Sesame”.

no mental effort for users

From that discovery, we created a robust portfolio of solutions based on the principle of a local MyCena fortress with multiple layers of security (Bronze, Silver and Gold), which only the owner can access with a combination of fingerprint, face ID, PIN, lock pattern and passphrase.

To use a password, enter your fortress, find the encrypted password and use it. There is no master password, no central point of access. MyCena generates strong unique passwords for all your accounts and saves them. Only open a door when you need to enter. With no passwords to create, remember, type or see, MyCena is quick, accurate, safe and reliable, prevents typing errors, and defeats keyloggers and screen-loggers.

Locally, not on the cloud

Instead of storing passwords on the cloud, passwords are encrypted and saved under three levels of security locally. Hackers can’t just crack one master password in order to get all the other ones. Even if they have access to your device, they still have to break through three different modes of personal security.

automated credentials security

Not all passwords have the same importance. MyCena offers three levels of protection for passwords, depending on their sensitivity. Generally, we recommend putting low sensitivity passwords like newsletters in Bronze level, medium sensitivity passwords like social media in Silver level, and high sensitivity passwords like banking in Gold level.

To access the different levels, each user needs a combination of finger print, face ID or PIN for Bronze, lock pattern for Silver and passphrase for Gold, all of which are saved locally.

Apply MyCena passwords everywhere, even on legacy systems

Passwords can protect every system when they are strong and unique, even legacy systems. They are versatile, economical, changeable and shareable. Which is why you see them everywhere … from the core (servers) to the edge (IoT, user).

With MyCena, you can turn each access point to any IT, OT, IoT, account, server…into a stronghold.

Mitigate the next attack

No one knows where the next breach will come from, whether it will be a sophisticated attack or an insider threat or phishing. But any organisation can prepare to mitigate against spreading it just like a country against spreading a biological virus. With a distributed architecture, smaller data clusters and locked doors by default, you can mitigate the risk of the next breach spreading into a cyber-pandemics.

For example, if one system password is phished, it will only affect that system and the password can’t be reused for any other account. If you find out there was a breach, you can just change that one password using MyCena without touching any other password. That dramatically reduces your exposure to phishing and headaches after a breach!

MyCena Desk Center for people working from home

There are two business versions of MyCena. MyCena Desk Center (MDC), a desktop version for Mac, Windows and Linux, was developed for containerised environments such as call centers, contact centers and BPOs where passwords cannot be shared outside the company console.

If your company follows strict security rules and shifted to work from home, MDC can be used to make sure employees can only log into their systems using strong unique passwords.

Visit MyCena Desk Center

MyCena Business Fortress for people on the move

MyCena Business Fortress (MBF), a mobile version for Android and iOS was developed for people on the move, MBF is more flexible and allows people to safely share passwords with one another through MBF or MyCena Personal Fortress (MPF).

MBF allows you to seamlessly copy your encrypted passwords from your mobile MBF into any desktop application using MyCena browser extension, available for Chrome, Safari and Firefox.

Visit MyCena Business Fortress

Easy to roll out with Mycena console

MyCena console allows managers to distribute and control all company credentials from one place, without anyone seeing any passwords. Designed to integrate with existing business processes without change of any infrastructure, it powers a highly scalable and secure credentials management system. Hassle-free with no master password, noone needs to create, type, see or memorize any password.

MyCena console user guide shows you how to enrol users using Active Directory and templates, preload systems and passwords, manage rules, attributes, roles and permissions… To help you leverage the full power of our solution, you can also use our implementation templates ( IT, servers, IoT, call center agents…) to minimize the number of steps and avoid errors.

Easy To Use For Employees

There is nothing more frustrating than forgetting your passwords over and over again. For IT helpdesks, resetting passwords represents 50-60% of their time! Meanwhile, waiting for passwords to be reset represents hours of productivity sink for employees.

Because there is no password to forget with MyCena and because of its simplicity of use, both IT and users can save a huge amount of hours and frustration, improve their workflow and increase their productivity.

Smooth transition period

If you are worried about minimizing disruptions on current operations, you can use a “buffer time“ during which users can upload and use their existing passwords until it is time for a password change.

No more password sharing in clear text

Sharing passwords in clear text is very common, via email, text, post-it or the cloud. How many IT teams share all their passwords on a spreadsheet on the cloud? How many people have passwords written down next to their computer?

To end these insecure practices, managers use MyCena to distribute encrypted, unique and strong passwords to each user within their local MyCena credentials fortress. If permitted by their company console, users can also safely share encrypted passwords among colleagues from fortress to fortress without anyone seeing them.

Reduce passwords theft and fraud

In MyCena, only the user can access and use their passwords without seeing them. That reduces the risks of password theft from keyloggers, screen loggers, social engineering, credentials stuffing…

If a password is phished, the others can’t be found since all passwords are auto-generated and independent.

Managers can also make passwords non-readable by default, meaning you can use them but not see them, which reduces the risks of password fraud.

People create security shield

People are a company’s strongest asset yet often seen as the weakest link in cybersecurity. When correctly leveraged though, people can create a security shield between your systems and automated hacking bots. Here is how.

To open a physical door, you need a real human to pick up a key, insert the key in the keyhole and turn the key to the open the door. A bot cannot do that.

With MyCena, you also need a real human to access their local fortress security levels, pick up a password and insert it in the right system to login. A bot cannot do that either.

Monitor compliance without seeing passwords

Do you want to make sure your employees use their MyCena passwords? The optional Governance, Risk and Compliance (GRC) module helps you to monitor usage without seeing anyone’s passwords.

Different flags, warnings and alerts are set for managers to spot unusual behaviours, for example if an employee has accessed the same password multiple times or if they have not accessed their fortress for a long period of time.

Mental relief for managers and users

Passwords are a common nightmare with “password breakdowns” affecting people’s mental health. Thanks to MyCena, people don’t need to think, create, remember or worry about passwords ever again, removing a huge pain over passwords!

For managers, it is a double relief as it removes their largest security blind spot: passwords. They no longer need to worry about whether people are still using the same password or if they follow security rules, since people are not involved in their creation. They can simply choose the maximum length of characters allowed by each system.

Every organisation needs MyCena today

For years, over 80% of data breaches have started with passwords. It’s simply the easiest and cheapest way to hack! With COVID-19 pushing people to work from home, people further lost their office protection, connecting to company data using unsafe WIFI networks and unprotected devices. Hackers have taken advantage of the security chaos to launch industrial-scale attacks and maximise profits from ransomware, selling data, selling credentials… In fact, cybercriminals’ return on investment is now 1.5 time higher than counterfeiting and 2.8 times higher than drug trafficking. The lure of profits has prompted fierce competition between rival hacking groups who now race to get victims locked first.

All organisations in all sectors are impacted and need MyCena today: Government, Military, Police, Telecommunications, Security, Finance, Insurance, Banking, Infrastructure, Utilities, Transportation, Healthcare, Manufacturing, Publishing, News, Travels, Legal, Retail, Supply Chain, Non-profit, IT, IoT, E-commerce, etc.

Protect the future of digital

To restore trust in networks, token gestures aren’t enough anymore. To sustainably protect the future of digital, companies and countries need to adopt a more balanced approach to digitisation, whereby success is measured as much by their accessibility as by their security.

Not only is MyCena easier to use and implement than most cybersecurity solutions, it is also more affordable and great value for money. Investing in MyCena innovative solutions will dramarically improve your security, help you comply with GDPR, LGPD, NYPA, HIPAA, CPRA…, and reduce disputes, litigations, fines and remediations over responsibility for frauds and breaches. By strengthening your systems security, you state to your employees, partners, suppliers, customers that you care about their security, and that whatever you build is “built to last”.

Customer Testimonial

#1

From compliance with LGPD to thwarting brute force attacks

"When we started the project to adapt the company to the LGPD, in the first few months we learned about and adopted the Mycena Security – Business Fortress credential management solution, as we understood that, at that time, having protection of the credentials of assets and systems would make us less vulnerable to attacks and invasions. It was a great surprise to have the result in the first weeks when Microsoft Azure security tools pointed out that some brute force attack attempts were frustrated due to the tool architecture, usability, and strong passwords we achieved when we started adopting Mycena."

#2

Reduction of contractual fines and other financial losses arising from fraudulent actions

"With Mycena we eliminate the sharing of passwords among employees. In other words, we make the environment strong and safe against improper actions; and in cases where such actions occur, we can directly attack the Root cause through the IP monitoring that the solution offers. This is now considered legal evidence for action of just cause, as we were able to prove systemically that the action departed from the employee intentionally. Another detail here is the trust we pass on to our client contractor influencing indirectly the portfolio/volume increase for our EPS. Thus increasing revenue"

#3

Reduction of unproductive hours

“With the use of Mycena we reduced by approx. 95% the pauses and loss of LOG arising from password forgetfulness or excessive unsuccessful attempts. By attacking this reduction, we increased the productive capacity for delivery of the planned work to reach our KPIs. This directly affects the entire planning process because with greater production capacity we hire a smaller number of people (we reduce the % of unavailability that we put in sizing) and no longer have burden on KPIs, going to the bonus scenario in billing."

#4

Solution to counter rising cyberattacks with COVID-19 Work From Home

" I assumed the position of responsible for the company's technical area at the peak of the pandemic. All of our home-office employees were remotely accessing the server, with all access centralized being fast and convenient, until we started having out-of-hours access attempts from unidentified addresses. That's when the need arose for a tool to decentralize this user information and increase our security. With MyCena I can have total control over the accesses and passwords of each user, facilitating the identification of access and password control in a single portal, in addition to the reports that we can extract quickly and conveniently.”

WHERE DO I START?

Use the Credentials Security Level (CSL) assessment tool to find out where to start

Discover your CSL

As seen in...

Subscribe To Newsletter

Receive our cybersecurity digest directly in your mailbox