April 16, 2018
When the word “cybersecurity” comes up, “password” is often not far behind. You’ve doubtlessly heard that people are rather bad at coming up with secure passwords, and that “password” itself makes for a terrible one. (If you’re looking for tips on what makes for a good password, be sure to check out this article from IEEE Spectrum).
But instead of relying on people to get better at creating and remembering login credentials, engineers have been pushing toward adding personal elements to the login process so that it’s easier to ascertain that the user is who they say they are. And these elements don’t have to be complex or challenging: in the case of multi-factor authentication (MFA), it can be something like a six-digit code sent to your phone, or a key fob that generates a one-time password.
Multi-factor authentication is becoming increasingly common. Odds are you’ve already used it, like if you’ve had a six-digit code texted to you in order to log into something. So what’s next for MFA? According to Kayne McGladrey, IEEE member, Director of Information Security Services at Integral Partners (US), using artificial intelligence to assess the context of a login attempt will help make the security check more efficient:
“Consider if a user typically logs in from Seattle, WA on a daily basis when they arrive at their office at 9 AM. An MFA solution should not require additional authentication from the end user. However, if the user’s cell phone and laptop are in Seattle but the login attempt is from China, the MFA solution should either automatically block the login attempt prompt for additional authentication before automatically notifying the Security Operations Center (SOC).”
Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”
Of course, MFA is still far from universal adoption. When we asked Steven Furnell, IEEE Senior member and Professor of Cybersecurity at the University of Plymouth, about how passwords would fair in 2018, his response was simple: “Despite their long-predicted passing, passwords still won’t be dead!”
After all, passwords are simple, and have the advantage of being what we’re used to. And with passwords, MFA, fingerprint identity sensors and facial recognition all jockeying for position as the simple security solution of choice, it’ll be interesting to see where things net out. In the meantime, do your due diligence in keeping your accounts safe.