CDM Media’s Senior Director of Content & C-Suite Communities, James Quin is regularly cited in various media stories across a variety of industries. But leading up to these article inclusions are many conversations and insightful commentaries which don’t always make the publication. In this weekly (or more!) new section, James shares his responses to a myriad of tech topics he discusses with journalists.
The recent IRS breach has caused some reflection on what really goes into security, and what tools and steps should be used. In particular, James Quin weighed in on some questions surrounding the effectiveness of dynamic ID:
How Effective is Dynamic ID?: How do dynamic ID, or out-of-wallet, processes work? Are they expensive to implement? Would its use have prevented some recent government breaches?
JQ: Dynamic ID or out-of-wallet authentication process work by requiring additional authentication criteria beyond things like user names and passwords. When it comes to authentication there are three accepted factors: something you know (i.e. a password), something you have (i.e. a bankcard) and something you are (i.e. a fingerprint). Enhanced authentication processes seek to use multiple authentication factors for each authentication instance. This can be multiple first factor authenticators (such as a password and a secret question, both of which are something you know) or a combination of different authentication factors (such as a bank card and a PIN at an ATM). Depending on the type of authentication factors used, additional cost can be minimal (asking someone two passwords requires very little additional infrastructure) but can scale to very expensive (equipping every user with and iris scanner and fingerprint reader for example).
In theory, enhanced authentication reduces the likelihood that access credentials can be suborned and therefore also reduces the likelihood of breaches so, yes, enhanced authentication could have prevented some recent breaches, though that’s not the same thing as saying they would have.
To learn more or attend one of our CIO Summits, visit http://www.ciosummits.com/