November 2018 – The Language of Cybersecurity

What is it?

A means by which a person can be uniquely identified by analyzing distinguishing traits such as fingerprints, retina and iris patterns, voice signatures, gait, and facial characteristics.

Why is it important?

Biometrics-based security is increasingly being used to identify people -- for example, using a fingerprint to unlock a smartphone. Security professionals are turning to biometrics both for convenience and because password-based security is not secure enough. Inherent traits, such as a retina pattern or gait, cannot be easily counterfeited, making them potentially more secure, especially when used as an additional factor in a multi-factor authentication scheme.
...continue reading "Term of the Week: Biometrics"

What is it?

A combination of two or more dissimilar authentication modes, called factors (possession, knowledge, inherence, location, or habit), that must be presented together as part of the process of authenticating the identity of a person or device requesting access.

Why is it important?

When properly implemented, multi-factor authentication (MFA) makes it harder for someone to impersonate an authorized user, giving you a higher level of confidence about the identity of a person or entity attempting to access your system.

Why does a business professional need to know this?

Many data breaches start with the theft of user credentials. At the 2017 Black Hat Conference, a survey question asked: Which of the following is most responsible for security breaches? The choices were: humans, not enough security software, unpatched software, or other. Eighty-five percent (85%) of the hackers surveyed said humans.(blackhat 2017)

When the same group was asked what was the strongest barrier to stealing credentials, sixty-eight percent (68%) said it was the combination of multi-factor authentication and data encryption.

Business professionals need to know about multi-factor authentication so they can adapt authentication to meet their needs while balancing expense with security.

Authentication factors include the following:

Physical things such as key cards
Biometric factors such as fingerprints/iris scans
Knowledge such as a password or PIN that the user knows

MFA happens when a combination of two or more of these methods is presented at the same time. What makes MFA more secure than single-factor authentication is that the odds of a hacker possessing two or more of the authentication factors at the same time are very low.

One factor alone is weak authentication. Cards can be cloned, passwords cracked, biometrics fooled, and smartphones stolen. The combination of two or more of the same factor (like two cards, two passwords, or two biometrics) is not true multi-factor authentication. While stronger than having only a single factor, combining two of the same factor is double single-factor authentication.

The first step to hacking into many networks is to bypass the logon authentication by stealing a legitimate user credential. Cybersecurity starts by first knowing who is knocking on the virtual front door. That knowing begins with multi-factor authentication.

References

(Bonnett 2016) Making Passwords Secure - Fixing the Weakest Link in Cybersecurity : Bonnett, Dovell (2016). Access Smart Media. Book. Debunks many of the myths of infallibility surrounding multi-factor authentication and other high-technology solutions in favor of a pragmatic approach to password management.
(Stelmakowich 2017) Multi-factor authentication central to helping reduce data breaches: Ostertag: Angela Stelmakowich (2017).
(Pahuja 2017) No passwords please: The need of a strong authentication protocol in the digital age: Pahuja, Anupam (2017). Moneycontrol. Discusses the importance of strong authentication to prevent identity theft and fraud.
(Lilliestam 2016) Practical IT Security for Everyone: Lilliestam, Emma (2016). YouTube. Video. Conference talk that provides security tips that are easy to install and use.
(blackhat 2017) 2017 BlackHat Hacker Survey: Thycotic (2017). Survey of attendees at the 2017 Black Hat Conference in Las Vegas.
(Keeper 2017) Password Management Evaluation Guide for Businesses: Keeper Security, Inc. (2017). PDF.

About Dovell Bonnett

Dovell Bonnett has been creating computer security solutions for over 20 years. In 2005, he founded Access Smart to provide cyber-access control solutions to government and small-to-medium-sized businesses in areas such as healthcare. His premier product, Power LogOn, is a multi-factor authentication, enterprise password manager.

Dovell is a frequent speaker and consultant on the topic of passwords, cybersecurity, and multi-factor authentication. His most recent book is Making Passwords Secure: How to Fix the Weakest Link in Cybersecurity.

Term: Multi-factor Authentication

Email: Dovell@access-smart.com

Website: access-smart.com

Twitter: @AccessSmart

LinkedIn: linkedin.com/in/accesssmart

Facebook: facebook.com/AccessSmart