Other tried-and-true methods include the RSA SecurID 2FA
method, which requires the use of either a software or hardware token. This
commercial solution has been available for quite some time and provides an
additional layer of authentication. However, the RSA SecurID method lacks the
integration that Google “G Suite” provides for businesses. It can also be
considered cumbersome and a less convenient method of authentication for normal
end-users. Ironically, RSA SecurID has been used by Federal agencies to prevent
attackers from exploiting the weak authentication security provided by just a
password [7].

Another solution, known as “Sound Proof” and developed by security researchers,
uses unique sounds to provide proximity-based authentication to workstations
or buildings. Although this form of authentication is usually used in
conjunction with a password, it provides end users with a level of convenience
similar to that of authenticating with a password alone. This process uses
a mobile device to produce a unique sound that is then synced with a server to
ensure that the sound received is completed in a timely fashion [8].

 

VII. THE FUTURE OF MFA

Unfortunately, despite the advancements made by private industry, secure
authentication methods seem to be suffering from Occam’s Razor. In this case,
even the most convoluted and intricate authentication methods are introducing
unforeseen vulnerabilities that have never been seen in the “wild”. For
example, biometric identifiers such as “Apple ID” have already been compromised
[9]. The access control was circumvented with a cost-effective face mask that
resembled the features of the actual individual. These features were extracted
from a photo and subsequently transferred onto the mask. In the same vein,
Tsutomu Matsumoto was able to fool fingerprint scanners in 2002 with the
use of “gelatin fingerprints”. Regrettably, gelatin-based substances such
as gummy bears can still be used successfully to trick fingerprint scanners
into “authenticating” a cybercriminal [10]. Moreover, another group of
researchers has also found that glycerin is a better substance for creating
reliable impressions of fingerprints and deceiving devices into authenticating
an illegitimate user [11].

That said, the same researchers also raised concerns about biometric
identifiers being stored in a centralized database. The researchers caution
that if the database is hacked, millions of individuals may have various
biometric identifiers exposed to cyber criminals [11]. Unfortunately, these
identifiers are static and cannot be changed with ease the way a password or
ID card can.

Before moving forward, it should be noted that biometric authentication such
as an iris/retina scan is available, and it is more secure and very difficult
to duplicate. The procedure, however, has its own ethical and privacy issues.
Article 8 of the Human Rights Act (1998) states that “Everyone has the right to
respect for his private and family life, his home and his correspondence”;
under this article, information gathered through such technology will be
deeply scrutinized. And if an individual protests by refusing to be subjected
to such an examination, how does one apply the rule [13]?

Retinal scans are often used in health scanning procedures. They have the
capacity to identify communicable diseases including AIDS, chicken pox and
malaria and to scan for hereditary diseases including various types of
cancers. Though this may not be the objective of the iris scan for
authentication, the snapshot of the iris can still provide just such
information. This leads to privacy concerns such as personal privacy, where
the user fears for the safety of his unique biometric identifiers, and
informational privacy, where the user fears the misuse of his biometric
information and “function creep”, which means that information collected for
a particular purpose is subsequently used for something else [14].

 

VIII. CONCLUSION

While the Federal government has taken steps to ameliorate some of the damage
it has caused over the last several decades, the fact remains that it simply
has not done enough. Although the private sector has made strides in greatly
improving the security surrounding authentication, much of this progress has
simply been in response to the glaring deficiencies left by the Federal
government. However, this reactive environment of continuously moving to
mitigate risk created in part by the Federal government has ultimately created
additional vulnerabilities where little precedent has been set.
