What: “Strong Authentication in Cyberspace,” a Chertoff Group report that lays out eight principles of authentication for policymakers.

Why: A large number of network intrusions are the result of compromised passwords. Modern, standards-compliant, multifactor authentication is one of the most effective ways organisations can reduce cyber risk.

Findings: Multifactor authentication requires a user to provide at least two types of authentication, such as a password, biometric data, a cellphone or other information. To drive adoption of authentication that is secure, usable and protects privacy, governments should follow these principles when crafting legislation or policy:

  1. Be sure any risk management plans explicitly address authentication.
  2. Recognise that shared-secrets authentication (methods that use SMS or one-time passwords) is less reliable than more modern options.
  3. Ensure that the authentication solution is easy for users to adopt.
  4. Consider strong authentication options that use biometrics and cryptographic keys that are stored on local devices and never sent across the network.
  5. Adopt solutions that cover mobile devices as well as desktops.
  6. Build privacy into any solution.
  7. Use biometrics as one way to provide authentication in a multifactor solution.
  8. Focus on standards and outcomes, rather than a specific technology.

While strong security will help keep networks secure, “No technology or solution can completely eliminate the risk of a cyberattack,” the report concludes. Read the full report here.
