Two-Factor Security was Never Deployed
Confusion exacerbates the cyber crisis; using terms incorrectly only makes the situation worse. This mistaken use of terms has perpetuated cyber failure. Understanding the terms being used is critical to moving forward with cyber security.
Multi-Factor Authentication (MFA) in all its forms boils down to data being gathered, transferred and verified. Every form of MFA has already been proven inadequate. The blame lies with how MFA is applied. Whether it is collected through a public website or gathered from a device, MFA is based on data gathered in an untrusted environment. Therein lies the problem.
Two-Factor Authentication was explained, years ago, as “something you have and something you know”. This was the premise for token-based solutions. So, if previous token-based solutions claim to be two-factor authentication, what went wrong? Simply: the token is used to provide data that is input at a public portal in an untrusted environment. Do you see the problem?
Anytime a public portal is engaged and data is input, transferred and verified, only one factor is required: knowledge of DATA. For all the twisted logic being applied, data being transferred and verified, no matter how many steps are involved, fails to meet two-factor standards. There can be no trust relationship based on data alone. Walk into a bank and say “trust my identity and execute this withdrawal”; they’ll look at you like you’re crazy.
In the physical world a Driver’s License or Passport serves as a second factor to create a trust relationship. In the virtual world, a CyberID must also be required before portal access is granted, creating that same trust relationship. A first PHYSICAL-FACTOR is applied to create a trusted environment (something you have), and then the second DATA-FACTOR is gathered from the trusted environment (something you know).
Active Access Control technology is the only solution that addresses the misunderstanding at the heart of the cyber crisis. It is not an Acceptable Risk to provide uncontrolled passive access to a website portal, and it is not acceptable to use “Data-Only” security gathered from an untrusted, uncontrolled environment.
When confusion and failure are no longer acceptable, “Something you have and something you know” is still the solution. For more than 20 years the cyber solution has been known. For over 10 years the solution has been available. Isn’t it time to deploy it?
The time has come to stop using words to justify failure and to start using logic to address the problem! The “Death of the Internet” may be upon us; it is time to embrace Two-Factor Authentication, Active Access Control and the multi-dimensional Internet.
Cyber Safety Harbor, Your port in the cyber storm
Technology Background: Access Control + Integrity = Cyber Security
Business Development and Solutions - Regulated Markets, USAF, Security Champion.
(8y) Ignorance + marketing = Cyber Security Job Security. Awesome post!
Founder, CEO HEMS, LLC | Business Consultant | Certified Wiley Everything DiSC and The Five Behaviors Authorized Partner | Facilitator | Executive Coach | Team Building | Educator | Mentor
(8y) Three-factor authentication or a combination of autonomous learning system and increased user awareness training will have to be introduced.
Senior Technology Program Manager
(8y) IAM + SysInternals + Windows GodMode + Microsoft EMET + Patch Management + Cyphort = Cyber Security
Senior Manager - Incident Response and Threat Intelligence
(8y) I like this article; very educational for a cyber security student like myself. Thank you for sharing.
On Career break - spending quality time with family
(8y) Wondering what would be the difference between CyberID and the normal ID that we normally use for identification... whitelisted ID to access portal...?