Strong authentication in cyberspace, 8 key principles for policymakers

It’s hard to find a major cyberattack over the last five years where identity – generally a compromised password – did not provide the vector of attack.
Target, Sony Pictures, Anthem, the Democratic National Committee (DNC), the U.S. Office of Personnel Management (OPM) – each was breached because it relied on passwords alone for authentication. We are in an era where there is no such thing as a “secure” password; even the most complex password has fundamental weaknesses as a security tool.
In response to the increased frequency of authentication-based cyberattacks, governments around the world have been crafting policies, initiatives and regulations focused on driving the adoption of more secure, multi-factor authentication (MFA) solutions that can prevent password-based attacks and better protect critical transactions, data, communications and infrastructure.
As they tackle this issue, however, governments face a number of challenges. At the core of them is the fact that not all MFA is the same.

Source: The Chertoff Group