Password weakness has been in the news again lately. But we have known for some time that passwords alone are not a good authentication or access control mechanism. Strong and practical authentication is very challenging. There are “strong” schemes, but they often don’t work well for users. Security practitioners are familiar with the 3 factors of authentication: something you know, something you have, and something you are. Each of these has fundamental flaws. I like to think of them as: something you forgot, something you lost, and something you were!
We will take a look at the current state of authentication, examine weaknesses in authentication factors, introduce the fourth factor of authentication and consider some solutions.
- Overview of authentication methods.
- Why do we have problems with passwords?
- What authentication solutions are there?
About Barry Caplin
Barry Caplin is a leadership partner with Gartner, providing trusted advice to CISOs and senior security professionals. Caplin has twice been the first CISO for an organization and has over 35 years of experience in technology, the last 25 focused on information security including over 14 years as a CISO. He holds an MS in applied mathematics from Virginia Polytechnic Institute (Virginia Tech), and CISSP, ISSMP, CISA, and CISM certifications. Caplin frequently speaks on a variety of security, safety and privacy topics, particularly staying safe with the internet, social media, and mobile devices.