Making multifactor authentication a reality
By Matt Leonard
May 11, 2017
What: “Strong Authentication in Cyberspace,” a Chertoff Group report that lays out eight principles of authentication for policymakers.
Why: A large number of network intrusions are the result of compromised passwords. Modern, standards-compliant, multifactor authentication is one of the most effective ways organizations can reduce cyber risk.
Findings: Multifactor authentication requires a user to provide at least two types of authentication, such as a password, biometric data, a cellphone or other information. To drive adoption of authentication that is secure, usable and protects privacy, governments should follow these principles when crafting legislation or policy:
- Be sure any risk management plans explicitly address authentication.
- Recognize that shared-secrets authentication (methods that use SMS or one-time passwords) is less reliable than more modern options.
- Ensure that the authentication solution is easy for users to adopt.
- Consider strong authentication options that use biometrics and cryptographic keys that are stored on local devices and never sent across the network.
- Adopt solutions that cover mobile devices as well as desktops.
- Build privacy into any solution.
- Use biometrics as one way to provide authentication in a multifactor solution.
- Focus on standards and outcomes, rather than a specific technology.
While strong security will help keep networks secure, “No technology or solution can completely eliminate the risk of a cyberattack,” the report concludes.
Matt Leonard is a reporter/producer at GCN.
Before joining GCN, Leonard worked as a local reporter for The Smithfield Times in southeastern Virginia. In his time there he wrote about town council meetings, local crime and what to do if a beaver dam floods your back yard. Over the last few years, he has spent time at The Commonwealth Times, The Denver Post and WTVR-CBS 6. He is a graduate of Virginia Commonwealth University, where he received the faculty award for print and online journalism.