Is a Combination of Authentication Methods the Right Approach?

It seems that we're always recovering from, or hearing about, the latest security breach or vulnerability. This week it was Home Depot, who announced that they "have completed a major payment security project that provides enhanced encryption of payment card data at point of sale in our U.S. stores, offering significant new protection for customers. The rollout of enhanced encryption to Canadian stores will be completed by early 2015. Canadian stores are already enabled with EMV “Chip and PIN” technology".

One of the most powerful elements of EMV is the fact that it combines authentication methods to strengthen the security of a transaction. Passwords themselves have taken a beating as a standalone authentication method, with many organizations choosing to deploy second-factor or multi-factor authentication, and some choosing to forgo passwords altogether. Biometrics are emerging as an answer to the "Password Problem", offering a unique credential that represents something the user "is" instead of something they "know" (which can be discovered and reused by a bad actor), but each method has its drawbacks. This article discusses the good and bad of each method, and argues that a secure transaction may well require multiple methods at once to be optimally secure.

This idea is a compelling one, especially if the combined solution can offer an elegantly simple end user experience. Biometrics may be an ideal "enhancement" for authentication precisely because of what they are: something the user "is" (nothing to remember, receive, carry, or otherwise maintain). As we continue to discuss how to enhance security, the conversation will likely become one about the best combination of methods, rather than any one method, for security.