

Making multifactor authentication a reality

What: “Strong Authentication in Cyberspace,” a Chertoff Group report that lays out eight principles of authentication for policymakers.

Why: A large number of network intrusions are the result of compromised passwords. Modern, standards-compliant, multifactor authentication is one of the most effective ways organizations can reduce cyber risk.

Findings: Multifactor authentication requires a user to provide at least two types of authentication, such as a password, biometric data, a cellphone or other information. To drive adoption of authentication that is secure, usable and protects privacy, governments should follow these principles when crafting legislation or policy:

  1. Be sure any risk management plans explicitly address authentication.
  2. Recognize that shared-secrets authentication (methods that use SMS or one-time passwords) is less reliable than more modern options.
  3. Ensure that the authentication solution is easy for users to adopt.
  4. Consider strong authentication options that use biometrics and cryptographic keys that are stored on local devices and never sent across the network.
  5. Adopt solutions that cover mobile devices as well as desktops.
  6. Build privacy into any solution.
  7. Use biometrics as one way to provide authentication in a multifactor solution.
  8. Focus on standards and outcomes, rather than a specific technology.

While strong security will help keep networks secure, “No technology or solution can completely eliminate the risk of a cyberattack,” the report concludes.

Read the full report here.

About the Author

Matt Leonard is a former reporter for GCN.
