parkingla.blogg.se

MFA conditional access














“MFA” or ‘Multi-Factor Authentication’ is a process where something more than just a username and password is required before granting access to a resource. This could be a one-time code sent to a user’s cellphone via SMS text, a phone call to a user’s office/desk phone, a one-time code ‘pushed’ to a mobile app on a cellphone, or a code on a physical ‘fob’ (also known as an OATH token or hard token). More recently, biometrics have come into play, too, with MFA – perhaps you use your thumb/fingerprint or a retina or face scan, instead of (or in addition to) a phone call or text.

In any event, your ID and password alone aren’t sufficient to access a system/resource. You’ve likely set this up for bank accounts, credit cards or other financial transactions (and maybe even work, too). This has helped make those services/transactions much more secure. Now, if someone knows/guesses/buys your password and email address, that’s ‘not enough’ to get into your account.

We’re going beyond MFA, too, where the idea is to not even require a password anymore – use other technologies to make sign-ins easier AND more secure - at the same time. For example, below, our ‘passwordless sign-in’ capability sends a prompt to the PC with a number, then moments later, the MS Authenticator app on a mobile device prompts for a number-match, followed by a biometric:

Starting back with the Jericho Forum, the corporate IT world has been moving towards a “zero trust” model where Identity is the initial control point (vs the network perimeter/firewall). This isn’t only your people (and their credentials) but the devices in your org also have an “identity” and are part of the access control system, usually completing mutual authentication, often based on PKI. If you think about it, this makes sense, but is often taken for granted and it might not be obvious - a user needs a device to access a system or service. We’re not yet able to plug humans directly into the Matrix. Hardware technology advances have made the Trusted Platform Module (TPM) or similar technology almost ubiquitous in PCs and mobile devices.














