Whether a single layer of security is devised to authenticate the identity of customers or internal team members, the absence of additional protective measures can leave your stored data vulnerable to attack.
Cyber terrorism attacks are growing ever more advanced and sophisticated, with security barriers providing limited protection when implemented on their lonesome. Password protection and other basic forms of identity authentication often provide simple pickings for cyber criminals, able to decrypt the less-than-secure codes.
In Verizon’s 2016 Data Breach Investigations Report, it is revealed that 63 per cent of all data breaches involve stolen, weak or default passwords. As a result of almost 2/3 of these recorded breaches being caused by password mismanagement, Verizon went on to advise against the use of single factor authentication, calling on all business uses to increase the number of layers which protect their online systems and data.
Not only are single factor authentication protected systems and portals more vulnerable to successful breaches, they are immediately more prone to attempts. Attackers, like invading armies, will invariably target the weakest link, the least-protected wall, the exposed entry point; concentrating their efforts on the wafer-thin section of security.
Related: Strong Customer Authentication is making online payments more complicated
It is not just criminal acts which could potentially expose the security system appointing single factor authentication. With just a single point of failure, any internal system errors can compromise the security of the online portal. Is the sole point of security fails, the entire system is either inaccessible or completely open; this will, best case scenario, ruin user experience, and worst case scenario, expose user and internal data.
Multi-factor authentication
The natural solution for systems which are dangerously tiptoeing the single factor balance beam; multi-factor authentication is the process of creating a robust identity management system. Utilising a number of knowledge, possession and inherence factors to confirm users’ identities, multi-factor authentication is far less susceptible to attack and exploitation.
Users attempting to gain access are prompted to supply a number of credentials to confirm their identity; credentials which are unique to the user. These credentials can take the following forms, with a combination of the three creating the most robust identity authorisation management systems.
Knowledge Factors: Information which can be provided by the user, this can take the form of passwords, usernames, PINs, and answers to secret questions.
Possession Factors: These are physical or digital credentials the user must have in their possession, such as ID cards, key fobs, security tokens or one-time passwords.
Inherence Factors: Measuring biological traits possessed by the user, taking the form of retina scans, iris scans, fingerprint scans and facial recognition amongst others.
These are sometimes complemented by two other forms of factors: location factors, which rely on GPS to identify where the user is currently located, and time factors, used mainly for internal users (primarily the workforce), identifying if they are logging in during authorised hours.
Tom Eggleston, managing director of identity management specialists, ProofID, believes the dangers of employing single factor authentication will only grow more severe as the identity landscape continues to evolve: ‘All the evidence consistently shows that passwords alone are no longer fit for purpose for protecting our data. As individuals and as organisations, we need to take steps to ensure our data is secure; effective and convenient multi-factor authentication technology is now available to help with this, so the time is right for widespread adoption.’
High profile data breaches seem to be increasing in regularity year on year, with even President Obama highlighting the importance of employing robust multi-factor authentication as part of a national action plan against the threat of cyber terrorism. This presidential statement recognises that single factor authentication is already outdated, and quickly becoming dangerously prehistoric.