Part 1: The business drivers and technology basics of two-factor or multi-factor authentication

Australia can lead the world by implementing a federated national multi-factor authentication system

Pros and Cons for current Multi-Factor Authentication model.

The present market for MFA is mature but highly concentrated with market leader RSA having an estimated 70% market share of business users.

Pros:

  • Current MFA Solutions successfully protect users and securely control their access to sensitive data.
  • In spite of a recent breach affecting users of RSA’s SecurID token, security levels offered by vendors are very high.
  • The technology has achieved widespread adoption in key market sectors.

Cons:

  • Systems provided by leading vendors are proprietary.
  • Systems provided by leading vendors are very costly.
  • Lead times to implement can be lengthy.
  • Organisations are completely dependent upon proprietary systems vendors to safeguard all steps in the supply chain.
  • Vendors owe no allegiance to the security interests of Australia, and the possibility of state-sanctioned inappropriate use of the information provided (however remote this is currently) may compromise system integrity sometime in the future.
  • Customers depend on vendors protecting the “secret formula” or the “seed record”.
  • Limited customisation options are available.

About the Author:
Mike Ryan is a freelance copywriter and marketing contractor with a passion for Information Security. He has presented at an Australian Information Security Association (AISA) branch meeting, prosecuting the case for improved security and for punitive legislation to be enforced to protect Australian citizens from data disclosure and privacy breaches.

Contact Information:
Mike Ryan – Brass Razoo Group

Comments

Francis Gould

1

I strongly believe in the ability to offer MFA for every service. Why should one rely solely on insecure and broken static passwords? I love the Google type service where one can telesign into their account with their phone. You can receive a text or call; I have a friend who gets his call in Spanish, and it seems pretty customizable. Why does Australia push for a service like this that can apply towards all users without requiring extra hardware?

Lily

2

I definitely think this is the way of the future! A strong password is not as strong as one might think; the truth is usernames and passwords are not secure anymore. The best way to be protected with your online accounts is to activate the two-factor authentication technology where users can telesign into their account. For me, the 30 seconds it takes to have the peace of mind that my account won't get hacked and my credit card and personal information isn't up for grabs is well worth it.
