After High-profile Hacks, Multifactor ID is a Priority
By Adam Stone and Tobias Naegele
January 10, 2017
Today, cybersecurity looms large in all our minds. But practically speaking, the most basic element of security is personal identification and authentication. Indeed, the issue played a significant behind-the-scenes role during the campaign. Federal investigators discovered the hacking attack on the Democratic National Committee in September 2015. A New York Times account indicates Charles Delavan, a Clinton campaign aide, incorrectly legitimized a phishing email sent to the personal account of Hillary Clinton campaign Chairman John D. Podesta, which gave Russian hackers their way into DNC computers. Malware then routed exfiltrated files back to the hackers in Russia.
Trump promised to complete what is known as the biometric entry-exit visa tracking system, presently in pilot stage, as part of his overall immigration policy. “In my Administration, we will ensure that this system is in place at all land, air, and sea ports,” he said.
Media reports note that Michael T. Dougherty, CEO of the Secure Identity and Biometrics Association (SIBA), is managing Department of Homeland Security issues on Trump’s transition team. Given his 20 years of legal and policy experience in the federal government and his particular interest in biometrics, that could be a good omen for the biometrics identity industry.
Though the DNC may be the poster child for hacks these days, the problem with phishing and passwords is hardly unique. Multifactor authentication is ascendant and better solutions than passwords are in demand.
Market researcher Forrester predicts that by 2019, “it will be possible to break even the most complex passwords, making everyone vulnerable to devastating breaches.”
President Obama’s Commission on Enhancing National Cybersecurity released a Dec. 1 report urging the next president to adopt multifactor authentication for mobile devices based on standards developed by the Fast IDentity Online (FIDO) Alliance.
“FIDO specifications are focused largely on the mobile smartphone platform to deliver multifactor authentication to the masses, all based on industry standard public key cryptography,” the commission notes. “This work, other standards activities, and new tools that support continuous authentication provide a strong foundation for opt-in identity management for the digital infrastructure.”
Within government, the Defense Department expects to launch pilot projects in early 2017 testing new multifactor authentication solutions to replace its common access card (CAC). Most civilian agencies, meanwhile, still struggle to implement multifactor solutions. The federal IT dashboard once listed percentages of agency users required to use strong authentication, but no longer discloses that information.
Securing individuals’ identities is the first line of defense in cybersecurity. Human error is responsible for more than half of all cyber breaches, according to the BakerHostetler 2016 Data Security Incident Report. In more than half of those cases, the errors involve giving up information like passwords to open the door into a system. Biological markers — fingerprints, voice matching, facial recognition, or iris scans — are all on the table as potential technologies for replacing passwords and for positively identifying travelers, employees and more.