Step 4: Implement Multifactor Authentication
According to OWASP, authentication is not sufficient when weak passwords are used or are poorly protected. However, insufficient authentication/authorization is common because organizations assume that interfaces will only be exposed to users on internal networks and not to external users on other networks.
The solution is to implement multifactor authentication, which significantly strengthens the authentication process since it aims to remove the password. This eliminates many pervasive methods attackers commonly and successfully execute.
How it works: take something you have (e.g., a smart card provisioned with a digital certificate) and something you know (your PIN) to gain access to the data you need — or buildings and networks, for that matter — while ensuring that the organizations you interact with are secure.
5 Recommendations to Secure the Internet of Things
5 Recommendations to Secure the Internet of Things
A reliance on passwords to prevent attackers from accessing systems, devices, and applications is outdated and ineffective. Attackers typically count on users implementing password-based security protocols, which opens the door to attacks — such as Trojan viruses, phishing, and man-in-the-middle — that take advantage of vulnerabilities. Attackers have evolved from simply wanting to achieve notoriety to becoming sophisticated thieves who steal personally identifiable information (PII) — such as financial and health care records and account numbers — to targeting the rapidly developing Internet of Things (IoT) market, where a hack becomes more personal and potentially life-threatening.
In this slideshow, Phil Montgomery, chief product officer at Identiv, will provide five recommendations to mitigate risk and maintain a strong security posture in this ever-growing connected world.
