Authentication and its Evolution in Context of Cyber Defense
- With hacks and personal information compromises occurring on a regular basis, it is essential to take a close look at authentication systems.
- Attackers are infiltrating systems by taking advantage of weak passwords.
The exact point in time when a password system was first designed is something we may not know for sure, but the credit for introducing computer passwords belongs to the Massachusetts Institute of Technology. In the mid-1960s, researchers built the Compatible Time-Sharing System and relied on usernames and passwords to limit the time students and staff spent on the system.
The current scenario
Most applications continue to use the system of usernames and passwords.
- Although there are password policies in place, our increasing use of multiple applications on a daily basis poses the challenge of users having to remember various complex passwords.
- Also, a lot of personal and sensitive data is stored online, which deepens the problem.
Methods such as SMS and email verification are available, but hackers are finding ways to bypass these to gain access to confidential data.
As the world wakes up to the fact that hackers are able to get into systems by cracking passwords, new passwordless authentication technologies are being developed.
Biometrics is a popular option. Technologies involving fingerprints, voiceprints, irises, and even ears are being tested to find better authentication methods. But a looming problem with this is that biometric data is far more valuable than a simple password, and the notion of it falling into the wrong hands is quite alarming.
There are also multi-factor authentication options that combine multiple values such as a token, a biometric value, and location to authenticate.
The rise of collaborative open source initiatives like the Fast IDentity Online (FIDO) specifications by the FIDO Alliance is a welcome move towards widespread adoption of multi-factor authentication. The FIDO Alliance is a non-profit organization with the aim of standardizing authentication at the client and protocol layers.
There is no one-size-fits-all solution for authentication. Authentication technologies are evolving, and more options are opening up. Organizations must analyze the sensitivity of the data they handle and decide on an appropriate system for maximum security.