Passwords are on the Way Out


Do you know how to pick the right MFA solution?

Posted by Benjamin Canner (Discussions: 1, Comments: 2)
Replied on March 2, 2018 12:00 am
Category: Cybersecurity
Agree that Biometrics is in. But again it has its own problems. Like take for example FR. The said tech shows issues when people get a bit old, wrinkles appear and sometimes they wear glasses.

The same appears to be with fingerprint authentication. Machines usually cannot recognize the fingerprints of those above 60+. It happened in India with Aadhaar UID authentication.

http://theconversation.com/the-trouble-with-facial-recognition-technology-in-the-real-world-69685

Posted by Naveen Goud (Discussions: 0, Comments: 5)
Replied on March 1, 2018 7:00 pm
That's true Naveen; if biometrics can't adapt to the realities of time then we may be trading one credentials crisis for another. Do you see a way around the issue?
Posted by Benjamin Canner (Discussions: 1, Comments: 2)
Replied on March 1, 2018 7:00 pm
Well, improving algorithms in a better way and from time to time with greater efficiency and as per the needs seems to be the only solution.
Posted by Naveen Goud (Discussions: 0, Comments: 5)
Replied on March 1, 2018 7:00 pm
My problem with biometrics is that once they're compromised they stay compromised. You only have 10 fingers, two retinas, etc., etc. I know they're convenient because you always have them, but how would you adapt an entire security infrastructure that was based on voice recognition or retina analysis and then it was compromised? Those require physical type interface devices you couldn't shift-on-the-fly or adapt overnight once compromised.
Posted by Ronald Nixon (Discussions: 0, Comments: 2)
Replied on March 2, 2018 7:00 pm
Ronald Nixon, biometrics should not be a password, only a username. That way it doesn't matter re change. That said, give me a good reason why my uid needs to be that unique.
Posted by Dr. Essam Hassan Ph.D. sciences (Discussions: 0, Comments: 13)
Replied on March 2, 2018 7:00 pm
@lee
A good point. We designed the global Secure Identity to have guaranteed and predictable collisions; this is an essential requirement.
Posted by Charles M. (Discussions: 0, Comments: 1)
Replied on March 2, 2018 7:00 pm
Lee Mathers, agree completely, but too many organizations and vendors see it as an access criterion and not an ID. But thinking like that also takes education.
Posted by Ronald Nixon (Discussions: 0, Comments: 2)
Replied on March 3, 2018 7:00 pm
Lee Mathers knows his stuff; not to say everything is impossible, but we would have all done it by now. I, and I'm sure he, see that the major issue isn't so much what the person knows or uses to authenticate themselves; it is how secure that person is to be trusted and how we can keep that security with them without denying that trust.
Posted by Simon Smith (Discussions: 1, Comments: 4)
Replied on March 3, 2018 7:00 pm
Don't cut your finger... You may get locked out...
Posted by Jason Attar (Discussions: 0, Comments: 1)
Replied on March 3, 2018 7:00 pm
It's a difficult call. Ain't it?
But fingerprints are still leading the way because, e.g., they are hard to spoof and the stats suggest "the probability of coming across another person with the exact same fingerprint is 1 in 64 billion."
Collision resistance appears very strong there compared to the Birthday paradox.
I'm rooting for fingerprints as one factor of a set of factors.
Posted by Aymar Bell (Discussions: 0, Comments: 1)
Replied on March 3, 2018 7:00 pm
Key words = multifactor: use 2 or more. It doesn’t mean just trade passwords for heavy dependence on biometrics. That would still be shifting one single factor for another and not actually focusing on the real problem. The real problem is people clearly don't get what multi means.
Posted by Isiah Jones (Discussions: 0, Comments: 2)
Replied on March 3, 2018 7:00 pm
I had a patent idea during my college time, before Apple bought a Swedish company (no name needed), but no one from the IT sector in my country would listen, especially to invest. But in those days I didn't know that you can sell an idea. :)
Posted by Stefan Konstantinovics (Discussions: 0, Comments: 1)
Replied on March 3, 2018 7:00 pm
Good article. My question is why so many big name online banks don't use multi-factor authentication (MFA) now? I will not name names, but I am shocked that this is not mandated more - especially for financial transactions today.
Posted by Dan Lohrmann (Discussions: 4, Comments: 1)
Replied on March 3, 2018 7:00 pm
The uniqueness of a uid or a password must both be secure. In my opinion, you can’t pick one over the other per se. Unnecessary entropy in either could lead to the compromise of an account. The uniqueness of biology acts as the password to an extent. Passwords *may* be on the way out for mobile and hardware platforms, but I believe web applications will still continue utilizing passwords well into the future, presenting a massive attack surface for unauthorized entry. One of the biggest issues surrounding biometrics that I found in my research here at Purdue is concealed interactions among other unexpected behaviors coming from the biometric device itself. Integration is difficult and precision/accuracy is variable. All that said, I’m a huge fan of biometrics. And while I have forgotten my password, I have never forgotten my thumb.
Posted by John Butler (Discussions: 0, Comments: 1)
Replied on March 3, 2018 7:00 pm
MFA should be required in many more cases than just banking, such as with healthcare. The adoption of MFA has been stalled due to user experience issues, costs and some MFA solutions leave behind digital traces that can be taken/stolen, compromised or reverse engineered.

We are on the event horizon where we need to move to cyber known and cyber vetted. Recently, I had the pleasure of speaking with Alex Natividad MD from NimbusId and had a close look at their pre-authentication system which addresses the usability, cost and adoption issues presented by many MFA solutions.

NimbusId also pushes the many vulnerabilities associated with user name and password (U/P). This reduces the underlying application's exposed footprint as one must clear NimbusId first.

NimbusId uses a patented process called Cognitive ID where the user defines and controls its depth and complexity. It is a bolt-on to existing systems and so institutions can still use (U/P). Now the value of (U/P) is substantially reduced even when the threat actor is trying to bluff their way in by using alternative human means.

MFA will still play an important role in combination with NimbusId to create highly secure systems.
Posted by William Klumper (Discussions: 0, Comments: 4)
Replied on March 4, 2018 7:00 pm
Good article. MFA strengthens security.
Posted by Hariharan Sivakumar (Discussions: 0, Comments: 1)
Replied on March 4, 2018 7:00 pm
I'm really pleased by the conversation that resulted from my post! It seems that the three major points of contention surrounding biometrics are the possible over-reliance on fingerprints as a biometric authentication, the place of biometrics in MFA, and the security of biometrics overall. Thanks to everyone contributing to the conversation.
Posted by Benjamin Canner (Discussions: 1, Comments: 2)
Replied on March 4, 2018 7:00 pm
MFA is a key tool in both security and customer experience, often in tension; however, it isn't a security solution in itself. It should be realised that not all MFA solutions are actually secure in themselves; all too many trust the device and OS. Get that wrong and you have not just wasted money but you leave your customers and yourselves open to compromise.
Posted by Douglas Kinloch (Discussions: 0, Comments: 1)
Replied on March 4, 2018 7:00 pm
Since the graphic shows a fingerprint it suggests biometric step-up which is effective but requires further thinking. Attacking credentials stored in a central database is commonplace so protecting stepped up credentials that are centrally stored is more critical. The best way to protect them is to decentralize per the FIDO standard - https://fidoalliance.org/about/what-is-fido/.
Posted by Steve Wainwright (Discussions: 0, Comments: 1)
Replied on March 4, 2018 7:00 pm
Right... what happens when your biometric information is compromised?
Posted by Mayukh Gon (Discussions: 0, Comments: 1)
Replied on March 4, 2018 7:00 pm