Yes. ML-DAES uses multi-layered encryption that is quantum-resilient by design, removing the exposed credential layer that quantum computing would otherwise target.
Phishing prevention is one outcome, but it describes only one of the three credential claim types MyCena addresses. The full scope is: phishing and social engineering (~44% of credential incidents), shared and stolen credentials (~28%), and inactive account access (~29%).
Phishing fails because the credential is never typed — the phishing page has no target. Sharing fails because the user never sees the credential — there is nothing to copy, forward, or sell. Inactive account access fails because the organisation revokes every credential in seconds when someone leaves — there is nothing left active for an attacker to find.
These are not three separate features. They are three consequences of the same architectural decision: the organisation generates and controls the credential rather than the user.
It means exactly what it says. When MyCena is deployed, the organisation generates every credential centrally. The employee never creates a password. They are provisioned through the MyCena platform, and when they need to access a system — any system in scope — they click to connect. MyCena injects the credential at that moment, invisibly, without displaying it to the user.
The employee accesses everything they currently access. Their experience changes in one way only: they no longer type a password. Under the surface, MyCena has generated a cryptographically strong credential, distributed it encrypted, and injected it at the point of authentication. The user never sees it, never stores it, never knows it. It cannot be phished because there is nothing to enter on a fraudulent page. It cannot be shared because there is nothing to share. It cannot persist after departure because the organisation revokes it — not the user.
All three breaches used valid credentials — logins that every security tool in place verified as legitimate. The credential was real. The session was real. The access was normal. The tools did exactly what they were designed to do: verify that the person presenting the credential had the right to access the system.
In every case, the failure occurred before verification: the credential was created by a human, held by a human, and could be obtained by an attacker without triggering any existing detection. M&S: a third-party contractor held a credential to M&S systems — M&S had no visibility of it and could not revoke it. Colonial Pipeline: an inactive account credential was never revoked after the employee left. SolarWinds: a vendor build credential existed that no one in the organisation knew about.
All three entry points are closed by credential control — not because a detection system would have flagged the login, but because the credential would not have existed in human hands in the first place.
The credential control gap is the architectural space between who you are (verified by identity tools like IAM, SSO, and MFA) and what you hold (the actual credential that grants access). Every security tool deployed in the last 30 years operates at the identity layer — it verifies that the right person is presenting a credential. None of them control who generates that credential or whether it can be stolen before it is presented.
When an employee creates a password, that password exists in their memory, on their device, and potentially in a password manager they control. An attacker who obtains that credential before it reaches the authentication layer can authenticate as a legitimate user — and every verification tool will confirm the login as valid. That is why 81% of breaches succeed despite extensive identity and security investment.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
Ce site utilise Google Analytics pour collecter des informations anonymes telles que le nombre de visiteurs du site et les pages les plus populaires.
Garder ce cookie activé nous aide à améliorer notre site Web.