Data breaches have plagued organisations of all sizes, both commercial and governmental, for over a decade and show no signs of abating. Alarmingly, the costs associated with data breaches are climbing fast.
In Finance and Banking alone the average cost per stolen record is $215 (2015 Ponemon report). The costs associated with the recent OPM breach may never be fully known but it is clear that its impact goes way beyond financial considerations; the breach has threatened the anonymity of field personnel, possibly putting them in harm’s way.
Research shows that most breaches are due to compromised or stolen credentials. To combat this scourge, many organizations are beginning to implement two-factor and even multi-factor authentication, but is this an effective approach to stopping the rampant theft of data?
Why Multi-factor Isn’t Enough
Multi-factor authentication was designed to add additional layers of security to network and system access. While this might seem to provide stronger authentication security, it suffers from serious limitations. In practice, most solutions only supply two factors – a password and a one-time password (OTP). The continued reliance on user-generated passwords as an authentication factor should be of concern to anyone thinking about adopting such a solution. Further, limiting the second factor to an OTP doesn’t provide the flexibility to cover all use cases and applications; the approach is just too simplistic.
Despite the large investment being made in authentication solutions, the biggest impediment to a workable solution hasn’t been removed – the reliance on human compliance and cooperation. Humans are incapable of creating and remembering strong passwords, and defeating those passwords is fairly straightforward, meaning that most multi-factor authentication solutions can ultimately end up relying on one factor alone, an OTP.
Additionally, most authentication solutions don’t take risk into consideration, that is, the value of what is being accessed, who is accessing it, and when and where it is being accessed. The same authentication policy is enforced for all use cases, regardless of risk. It makes no sense to impose productivity-draining authentication policies on users who only want to edit a run-of-the-mill office document. It makes abundant sense to aggressively protect access to trade secrets and critical financial information with stringent authentication policies. A secure, flexible and dynamic approach to authentication is needed.
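As an added illustration of the risk-aware policy argued for above (example code, not from the original post or from Crossmatch), the following Python sketch chooses which factors to require from the value of the resource and the who/when/where of the request; the resource classes, weights and thresholds are assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed sample classification of resources; higher means more sensitive.
# Names, weights and thresholds are assumptions, not any product's settings.
RESOURCE_SENSITIVITY = {"office-doc": 1, "payroll": 3, "trade-secrets": 5}
DENY_THRESHOLD = 9  # at or above this score no combination of factors is accepted


@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    hour: int                  # local hour of the access attempt, 0-23 ("when")
    from_office_network: bool  # "where": on the corporate network or not
    managed_device: bool       # "what the user has": an enrolled, managed device


def risk_score(req: Request) -> int:
    """Combine the value of the resource with the context of the request."""
    score = RESOURCE_SENSITIVITY.get(req.resource, 3)  # unknown resource: treat as medium
    if not req.from_office_network:
        score += 2
    if not req.managed_device:
        score += 2
    if not 7 <= req.hour <= 19:  # outside normal working hours
        score += 1
    return score


def required_factors(req: Request) -> tuple:
    """Map the risk score to the factors the user must present.
    An empty tuple means the request is denied outright."""
    score = risk_score(req)
    if score >= DENY_THRESHOLD:
        return ()
    if score <= 2:
        return ("possession",)                    # e.g. enrolled device or smartcard
    if score <= 4:
        return ("possession", "biometric")        # add "who the user is"
    return ("possession", "biometric", "otp")     # step up for high-value access


def decide(req: Request) -> dict:
    factors = required_factors(req)
    return {"user": req.user, "allowed": bool(factors), "factors": factors}


if __name__ == "__main__":
    for r in (Request("alice", "office-doc", 10, True, True),
              Request("bob", "payroll", 22, True, True),
              Request("carol", "trade-secrets", 14, False, False)):
        print(decide(r))
```

Editing an ordinary document from a managed device on the office network needs a single possessed factor, while trade secrets requested off-network from an unmanaged device are refused regardless of what the user can present.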
Composite Authentication – the Modern Approach to Authentication
Composite Authentication was designed to provide strong, risk-aware authentication that goes far beyond static multifactor approaches and eliminates the reliance on people.
As traditionally defined, multi-factor authentication is comprised of what a user knows (e.g. a password), what a user has (e.g. a smartcard), and who a user is (e.g. a fingerprint). Composite Authentication introduces additional risk factors that allow organizations to strengthen and tailor authentication policies to fit specific use cases and risk profiles:
The Crossmatch® DigitalPersona® Composite Authentication approach offers the broadest set of factors, creating the right mix of authentication options for every user, moment by moment. It goes beyond traditional authentication to provide risk-based factors that deliver the strongest, most complete protection available to secure all networks, applications, data and systems. To learn more, visit cm.crossmatch.com/digitalpersona/