Part 1: The business drivers and technology basics of two-factor or multi-factor authentication

Australia can lead the world by implementing a federated national multi-factor authentication system

The Prime Minister’s Department invited submissions to the “Cyber Security White Paper” late in 2011. This is Brass Razoo’s submission, which prosecuted the case for Australia to adopt a federated multi-factor authentication system that could be deployed nationally. By extending existing identification systems administered by Government and Financial Service providers, the nation could build an identification and security system that would be the envy of the world.

The business drivers and technology basics of two-factor or multi-factor authentication will be covered in Part 1. Part 2 will address the glue that binds the system together: open standards. In much the same way that open standards have propelled open source software into the stratosphere, an Australian federated system built upon these open standards could create a security infrastructure that leads the world. The final part in the series will present implementation guidelines and summarise the benefits to the nation.

Synopsis:
To provide the best level of data protection for Australian businesses and citizens, an opt-in system of token-based two-factor authentication should be implemented. The system would be built upon a robust set of open security standards and collaboratively administered by those currently entrusted with issuing identification instruments. The cost would be borne by the individual or a commercial sponsor, and the system would ideally comprise a software token (mobile phone) and a hardware authenticator (credit card, driver’s licence, USB key or other hardware device) to meet business availability and continuity demands. With the finance industry actively participating in the development of the new system, the setup costs would be negligible, and implementing a single compatible system across the nation would bring greater economies of scale, reducing operating costs and losses from fraud. Of utmost importance is that Australia would lead the world in protecting its online users from risks posed by fraud and identity theft.

 

2 Comments

Francis Gould

1

I strongly believe in the ability to offer MFA for every service. Why should one rely solely on insecure and broken static passwords? I love the Google-type service where one can telesign into their account with their phone. You can receive a text or call; I have a friend who gets his call in Spanish, and it seems pretty customizable. Why does Australia push for a service like this that can apply towards all users without requiring extra hardware?

Lily

2

I definitely think this is the way of the future! A strong password is not as strong as one may think; the truth is usernames and passwords are not secure anymore. The best way to be protected with your online accounts is to activate the two-factor authentication technology where users can telesign into their account. For me, the 30 seconds it takes to have the peace of mind that my account won't get hacked and my credit card and personal information isn't up for grabs is well worth it.

Comments are now closed
