How Much Is Too Much Authentication?

Ty Chaston
March 04, 2019


Nothing exceeds like excess. Most people take this credo to extremes as well. Why buy one when you can own two? Why try two when you can handle four? Why settle for four when you can get ten? The challenge takes on a self-perpetuating aspect seemingly without end. This isn’t a huge problem when it is related to how many potato chips to eat or t-shirts to buy. It can become a huge problem for the average user when it comes to IT security and multifactor authentication.

NSA Requires MFA

Multi-Factor Authentication is coming into its own as more organizations recognize the complete vulnerability of password-based authentication. More press coverage is appearing, first on the impact of stolen credentials and the vulnerability of passwords, and second on the value of multi-factor authentication. It is important enough that even the NSA is suggesting that you should transition to MFA immediately.

For those not familiar with the National Security Agency (NSA), it is the top security organization in the United States and reports to the Department of Defense. The NSA is a national-level intelligence agency responsible for global monitoring, collection, and processing of information and data for foreign and domestic intelligence and counterintelligence purposes, and it clearly knows a thing or two about what it takes to be secure.

The NSA published a Cyber Information Brief that covers its Top Ten Cybersecurity Mitigation Strategies, one of which proposes that everyone should Transition to Multi-Factor Authentication, specifically:

“Prioritize protection for accounts with elevated privileges, remote access, and/or used on high value assets. Physical token-based authentication systems should be used to supplement knowledge-based factors such as passwords and PINs. Organizations should migrate away from single factor authentication, such as password-based systems, which are subject to poor user choices and susceptible to credential theft, forgery, and reuse across multiple systems.”

So, now that you are ready for MFA, how many factors should you consider in order to truly be secure?

11 Factor Authentication

Most companies have already adopted some form of two-factor authentication, and already the user community is pushing back. The added requirements of PINs or biometric scans have proven to be time-consuming and not as foolproof as expected. The drive is to improve security, so it stands to reason that more factors will equate to more security.

If 2-factor authentication is more secure than 1-factor (password only), then 3 is even more secure than 2, and so on. To drive home this point at Saturday Night Live-level extremes, we launched a new 11-Factor Authentication solution to showcase the absurdity of this approach.

The headline of this new app describes it as:

The most secure, friction-filled password manager of all time.

11 Factor remembers all your passwords for you, and then makes it basically impossible for anyone (including you) to retrieve them.

See how far you can go into the 11-factor authentication challenge and then step back for the real questions that come to mind, which are:

  • How many factors are required to be truly secure, absolutely and beyond all shadow of doubt, when authenticating a user to an information resource?
  • At what point will the user community revolt and decide that they cannot take it any longer?

The best of both worlds can only be an infinite-level MFA solution that has absolutely no drag.

MFA Without The Drag

Acceptto understands that you are extremely busy and don’t have time to waste on remembering passwords, retrieving and typing in PINs or scanning various body parts in order to differentiate your identity from someone else’s. Your immutable identity is a combination of your physical behaviors, attributes and Digital DNA. We believe passwords are no longer relevant and that what you need is a way to immutably authenticate someone in order to be truly secure and compliant.

We call it Continuous Cognitive Authentication. You can eliminate preventable harm with our Biobehavioral AIML technology that enables frictionless authentication, prevents credential stuffing instantaneously, ensures your true immutable identity continuously, and dramatically reduces risk, likelihood of fraud and cost of helpdesk operations without the guesswork or latency.

Acceptto is a transformative multi-factor authentication technology that delivers continuous identity protection and peace of mind in an age where passwords are ineffective and identity authentication is mission critical.

See for yourself what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy, especially for your PCI compliance requirements. Register for a free trial today.

