Blog Home > Authentication Security > Stronger Authentication: A Game of “Cat and Mouse” or “Panther and Mouse”?
Stronger Authentication

Stronger Authentication: A Game of “Cat and Mouse” or “Panther and Mouse”?

Stronger Authentication

In what feels increasingly like background noise, new data breaches and high profile attacks continue to make the news.  SafeNet claims 183M accounts were compromised in the 3rd quarter of 2014 alone (link).  Less than 1% of these attacks were performed by insiders which means the large majority are done by highly skilled black hat hackers likely motivated by corporate, national government or crime syndicate financing.  The cyber security arms race that used to feel like a game of cat & mouse where breaches occurred and defensive measure were taken is beginning to feel more like panthers hunting that mouse.

Aside from outliers like the Stuxnet worm which targeted Iran’s plutonium enrichment program (link), most attacks are aimed at gathering corporate, personal, or financial data.  All that’s needed is a chain from one compromised machine (or privilege escalation) to the next.  With more sophisticated hackers able to conceal their presence, they can stay resident on systems for months before being detected.  It may be shocking to hear that the United States NSA often decides not to disclose vulnerabilities, so they can be used in their own cyber espionage campaigns against countries and companies both foreign and domestic (link), but this is the world in which we now live.

 

Numerous high-profile corporations have banded together to create the FIDO Alliance which has specified and offered reference implementations of its Universal Authentication Framework (UAF) and Universal Second Factor (U2F) (link).  The goal is to provide stronger authentication, but not all attacks start at the front door.  If you think of your “digital domain” as a physical house, upgrading to a steel front door may dissuade more myopic thieves.  More enterprising ones, however, may take a wider view and see 1) the overgrown tree that can be used to 2) get on a porch roof which leads directly to 3) an old double hung window with 4) aged glazing that will allow a pane of glass to be removed with little effort.

 

While the data we want protected is stored in too many places with loose access requirements, the panthers will continue to hunt and the mice will have fewer safe places to hide.  Until that day arrives however, I’d still rather be the mouse with a steel front door!

Please follow and like us:
0
Gregg Browinski

Author: Gregg Browinski

Gregg, PistolStar’s Chief Technology Officer, oversees PistolStar’s product development and technical support. Prior to joining the company in 2001, he received extensive experience as a developer at IBM Lotus and Iris Associates. Gregg has served as the lead architect and developer for PistolStar’s Password Power suite of authentication solutions. He is responsible for the product’s technical success and the recognition it has received through award nominations.

Comments are closed.

Main menu