State, city, and county government agencies around the USA, and likely elsewhere, are adopting two-factor authentication as a means to comply with regulations for increased information security. Yet, when the consensus about such methods is largely negative, we wonder, why bear the expense for a mediocre solution?
In the first half of 2012 over 8 million records containing sensitive information were compromised through 219 network breaches. (SOURCE: “ITRC Breach Report” (Identity Theft Resource Center, July 2012)) When we look at the implications this has on our sensitive data, we should all be pleased to see organisations seeking ways to beef up security. Yet, two-factor authentication brings more hassle than it’s worth. The cost of implementation, support, and ongoing fees for replacement of the authentication token; the problems and delays incurred when tokens are misplaced; the open access to data given to anyone who is able to obtain a token (perhaps fraudulently). The list of difficulties brought by two-factor authentication is longer than then list of strengths.
Alan Shark of the Public Technology Institute says, “Of course, two-factor authentication is a good idea, but the bad guys are so far ahead of us.” If our security measures only play catch-up with the crooks and criminals, can we really afford to call it security? When all our solutions are good for is putting on a pretty face to those who don’t know better, or making it increasingly inconvenient for hackers, this isn’t security – it’s pandering.
The fact is, there are better solutions out there, for those who are willing to look for them. Implementing two-factor authentication because the buzz words are popular does not accomplish any organization’s goals. Strong mutual authentication like Tricerion’s SafeLogin and triangulation makes implementation hassle-free while providing a level of security that two-factor authentication lacks.