The future of authentication security sounds like the beginning of some overthought seminar on protecting what is yours. It brings to mind dry, technical conversations that often have little bearing on the immediate here and now. This is the future of authentication that we are talking about, after all.
However – if we take a look at the recent DDoS attacks on Dyn that took down a huge chunk of the internet, we can learn a lot about the importance of security and the role that individuals play in its future.
So…What Happened to Dyn, and Why Does That Matter?
If you utilize services like Netflix, Spotify, or Twitter, you most likely remember the interruptions that occurred on Friday, October 21st, 2016. These outages were a result of a DDoS attack perpetuated agains the Dyn service provider, located in New Hampshire. Although the who of the attack is still unknown, the how is very important. Utilizing vulnerabilities in many devices connected to the Internet of Things, attacker created a botnet which overloaded the Dyn servers. This, in turn, caused a crash in major systems. As one might expect, the rest of the internet felt the aftermath of that attack, and it perked the ears of many security conscious individuals.
Bruce Schneier has a fantastic article on the Regulation of the Internet of Things. In this article, Schneier discusses what this attack means for the future of our digital security. While he touches on many major points and offers some excellent advice, he only alludes to what these attacks mean for the future of authentication security.
The Future of Authentication Security – The IoT Example
I’ve been known to digress and even stretch my point from time to time. However, I feel that this most recent attack shows exactly what weak authentication security can do to the Internet at large. It has always been common understanding that the IoT requires less in terms of authentication in order to provider greater convenience. Therein lies the problem for the future of authentication security.
The IoT is the greatest existing example of the problem surrounding Convenience over Security. Everyday users want to have access to the things they need without having to think about security. It is important to note that the fault doesn’t rest entirely with the users. Resellers and developers of IoT connected devices often don’t pay as much attention to security and vulnerabilities either (read through Schneier’s article, he agrees!).
Additionally, the IoT is a prime example of why the future of authentication security is so important. IoT devices typically do not require authentication. They simply connect to the Internet and function. This lapse in initial verification provides attackers with a unique opportunity to wreak havoc in numerous environments. Consequently, think smart homes or hands free devices in vehicles – a lack of authentication is a gold mine for hackers.
In the same light, however, the IoT is important because it shows us where we can go from here. You know what they say: Always Forward.
What Individuals Can Do to Improve the Future of Authentication Security
There are many things that the government and developers can do to improve security from the early stages. However, these developments will take time and effort from many different parties. As individuals, there are steps that we can take to usher this process along.
It is important that consumers and users be current on information regarding the technology that they purchase and use. This is more important now than ever before. In order to improve the future of authentication security, we need to be proactive. Ask relevant questions regarding vulnerabilities and updates, and perform the necessary tasks. This responsibility remains squarely on our shoulders with respect to the technology that we choose to utilize.
Asking the right questions before relying too heavily on a new technology will save you a lot of pain and money down the road.
Keep up to date with Patches/Vulnerabilities
For the most part, security vulnerabilities are nothing new. Software patches and updates are designed primarily to continue securing new technology long after it has been implemented. In the case of IoT devices, however, the line becomes blurred. Many users forget that a lot of new technologies can and often should be patched and updated regularly.
If you have decided to invest in IoT devices, take the necessary precautions that are inherent in the purchase. Remember: other users do not care about your security. It is up to you to secure yourself against the tide of malicious behavior that surfs the web.
This action item cannot be put any simpler. It is our duty as individuals and a culture to demand better regulation of security and protection for our devices and our identity online. Whether this takes the form of reaching out to your local IT administrators to request a security audit, or pushing for legislature that improves security requirements for new technologies being pushed out to consumers – we need to demand better.
The IoT is an important milestone for our society. However, it should not blind us to the dangers of the Internet. In order to secure the future of authentication security, we need to demand a strong foundation for the security of our everyday technology.
Convenience vs Security
We all want convenience, and we all want security. However, we do not want one to severely impact the other. In our desire for simplicity, we often forget the cost at which it comes. In order to better prepare the future of authentication security, it comes down to finding and maintaining that strong balance.
Our responsibilities for the future are numerous, and it all starts with making a stand. We have to improve the security that we have today, to prevent and mitigate the attacks of tomorrow.