Cybersecurity challenges continue to evolve at an alarming pace, with identity-based compromise being a major risk. For IT and security decision-makers, prioritizing end-user credential security is no longer optional—it is essential. From increasing phishing attacks to memory-based malware, businesses must adopt robust measures to protect credentials and maintain operational integrity.
Invest In Credential Security. No, Really.
End-user credentials are often referred to as “keys to the kingdom” for good reason. When compromised, they can provide access to all sensitive information and systems, whether on the local network or in remote applications and infrastructure, which makes them the prime target for adversaries.
The statistics on identity compromise are alarming. According to IBM, cyberattacks using stolen user credentials increased by 71% in 2023, underscoring the urgent need for credential-based security measures. CrowdStrike’s 2025 Global Threat Report states that identity attacks are among the most effective threats, fueled by the rise of malicious identity broker services. These brokers sell access to organizational systems, often leveraging social engineering or stolen credentials from trusted relationships.
Recent incidents demonstrate how vulnerabilities can lead to massive breaches. The healthcare data breach that compromised nearly 190 million records highlights an avoidable failure—one that could have been mitigated with multifactor authentication (MFA). Such breaches reveal that failure to impose proper credential protection poses significant risks to customer data, corporate reputation and long-term security.
What Identity Attacks Should I Protect Against?
There are dozens of identity abuse techniques. Here are the three most common:
- Phishing Attacks: It takes less than 60 seconds for an end user to fall prey to a cleverly crafted phishing attack. Attackers often use social engineering tactics to deceive individuals into disclosing their credentials, granting instant access to critical systems. Vishing – or voice phishing – in particular is on the rise.
- Man-in-the-Middle: Further along in the attack kill chain, an attacker can secretly intercept communications between two parties in order to steal data or tamper with the exchange of data, including credentials.
- Fileless Malware: Beyond phishing and other attacks that originate at the OS level, attackers are employing more sophisticated techniques at the hardware level – or “below the OS.” Fileless malware, for instance, targets user credentials stored on endpoints by attacking memory directly. Unlike traditional malware, these attacks require no file installation, making them even harder to detect and mitigate. And, you guessed it, this is a growing threat. Research shows fileless malware attacks comprise 79% of attacks.

How To Defend Against Identity Exploits
To bolster credential security, organizations must first adopt a multi-layer, multi-pronged strategy to minimize exposure and enhance resilience against evolving threats. That means implementing both hardware-based and software-driven countermeasures. Secondly, prepare to go passwordless. Here’s how everything comes together:
Protect End-User Credentials with Secure, Hardware-Based Storage
Minimize the risk of identity compromise by safeguarding credentials from the start. Dell SafeID, available on Dell Pro, Dell Premium and Dell Pro Max, cryptographically secures end-user credentials. Customers have two options:
- SafeID with discrete Trusted Platform Module (TPM), which stores encryption and signing keys in secure hardware. TPM has come standard on Dell PCs for 20 years. (Side note: Starting in October, Windows 10 will no longer receive security updates. Upgrade PCs for the advanced security of TPM 2.0 only available on devices running Windows 11.)
- SafeID with ControlVault, which stores user credentials in dedicated FIPS 140-3 level 3-certified hardware, offers additional protection by isolating identity-related operations and data from the OS and memory, making them less vulnerable to attack and exfiltration. No other embedded PC biometric solution has achieved this level of external validation from NIST¹. This solution is unique to Dell and helps Dell claim the distinction of delivering the most secure commercial AI PCs.¹
Learn how Dell-unique SafeID helps secure end-user credentials on commercial AI PCs.
Require Authentication
Protect data and assets with mandatory user authentication. With credentials securely stored, Dell SafeID with TPM and with ControlVault both offer multiple ways to authenticate on the device, all helping to move towards passwordless security:
- Biometrics like facial recognition and fingerprint readers through Windows Hello or Fast Identity Online (FIDO)
- Near-field communication (NFC), which lets devices like smartphones or tokens exchange data and read cards over short distances
- Smartcards with an embedded security processor used to store credentials for authentication
Ensure Proactive Threat Detection and Response
Further mitigate risk with visibility across endpoints, networks and cloud environments. Software security like endpoint detection and response (EDR) and extended detection and response (XDR) solutions complement hardware defenses by monitoring for anomalies. Aligned with zero trust principles, they analyze patterns in user behavior and inbound communications, identifying suspicious behaviors indicative of phishing or malware attacks in real-time. Proactive threat identification reduces the window of opportunity for attackers to exploit compromised credentials.
Enterprise Benefits of Strengthened Credential Security
Implementing robust credential security measures delivers tangible benefits across the enterprise, ensuring both proactive defense and operational continuity.
- Reduced breach probability. Dell SafeID minimizes credential exposure, helping ensure attackers cannot exploit stolen or exposed credentials.
- Enhanced user trust. Customers increasingly demand robust security standards, particularly in industries like healthcare, finance, and government. A strong security policy, validated by secure credentials, fosters trust among stakeholders.
- Regulatory compliance. Many industries require strict adherence to data security regulations. Hardware-backed solutions like SafeID meet standards such as FIPS certification, ensuring compliance.
- Operational efficiency. Advanced tools also streamline processes such as end-user onboarding via biometric authentication, improving efficiency without compromising security.
The Future is Passwordless
Passwords have been a pain for years for users and IT architects alike as they’re easy to forget, frustrating to reset and vulnerable to compromise. Users will often reuse the same passwords on multiple sites. This means if the credentials are compromised once, they can be reused across many services. Passwords can be leaked to the deep web, cracked with cheap cloud GPUs or compromised through sophisticated social engineering attacks. Organizations are forced to deploy user training and sophisticated tools to thwart these adversaries. MFA – enabled through SMS, mobile apps and email OTPs – has greatly improved the security posture for enterprises but is still susceptible to phishing and social engineering attacks.
The security industry has worked tirelessly to bring passwordless solutions to the market that are industry standard, extensible and user friendly.
- Microsoft launched Windows Hello in 2015, which secured credentials within the TPM of a PC and granted users access to biometrics instead of passwords for authentication. Recently, they’ve strengthened the solution with Enhanced Secure Sign-in (ESS), which provides additional levels of security to the biometric data through isolation and secure communication channels.
- FIDO Alliance launched publicly in 2013 with multiple industry-leading members, including Dell, with the goal of developing open standards for authentication that are scalable and enable faster, simpler sign-ins. Dell believes FIDO passkeys are a key ingredient in making passwordless a reality, and the industry seems to agree because adoption is growing steadily. In addition to open standards, which ensure seamless compatibility, simple user authentication methods and scalability, passkeys are highly phishing-resistant. To learn more about what passkeys can do to secure and simplify your organization, check out passkey central.
It is now our role as a PC manufacturer to demystify and simplify adoption for our customers. Dell is on a mission to help customers stay ahead of identity attacks. To this end, by 2030, all new Dell products and offerings that use authentication will offer a passwordless authentication mechanism. This includes, among other passwordless solutions, certificate-based management incorporating hardware-bound authentication: Dell Command Secure BIOS Configuration Support with Dell Command Configure.
Building Security-First Organizations
Reduce the attack surface with a proactive, multi-layered approach to end-user credential protection, starting with devices designed with embedded identity security. Stay ahead of adversaries by ensuring that security decisions involve hardware-backed solutions alongside intelligent software. By addressing these risks now, IT and security leaders can future-proof their fleet with a foundation for trust, performance, and resilience.
Learn more and reach out to our security specialists for help as you upgrade your PCs this year.
¹ Based on Dell internal analysis, October 2024 (Intel) and March 2025 (AMD). Applicable to PCs on Intel and AMD processors. Not all features available with all PCs. Additional purchase required for some features. Intel-based PCs validated by Principled Technologies. A comparison of security features, April 2024.