Part 1:The business drivers and technology basics of two-factor or multi-factor authentication
- — 07 May, 2012 13:50
The Prime Minister’s Department invited submissions to “Cyber Security White Paper” late in 2011. This is Brass Razoo’s submission that prosecuted the case for Australia to adopt a federated multi-factor authentication that could be deployed nationally. By extending existing identification systems administered by Government and Financial Service providers, the nation could build an identification and security system that would be the envy of the world.
The business drivers and technology basics of two-factor or multi-factor authentication will be covered in Part 1.Part 2 will address the glue that binds the system together, open standards. In much the same way that open standards have propelled open source software into the stratosphere, the analogy could be used to build an Australian federated system built upon these open standards to create a security infrastructure that leads the world. The final part in the series will present implementation guidelines and summaries the benefits to the nation.
To provide the best level of data protection for Australian businesses and its citizens, an opt-in system of token based two factor authentication should be implemented. The system would be built upon a robust set of open security standards and collaboratively administered by those currently entrusted with issuing identification instruments. The cost would be borne by the individual or a commercial sponsor and ideally, comprise a software token (mobile phone) and hardware authenticator (credit card, driver’s licence, USB key or other hardware device) to meet business availability and continuity demands. With the Finance industry actively participating in the development of the new system, the setup costs would be negligible and by implementing a single compatible system across the nation, greater economies of scale would reduce operating costs and reduce losses from fraud. Of utmost importance is that Australia would lead the world in protecting its online users from risks posed by fraud and identity theft.