In a Faceless Environment; We Need a New, Multidimensional Approach to Authentication
Until we get to a stage where we can guarantee the confidentiality of static identity reference data, such as names, addresses, emails and favorite cat colors, we must move away from relying on knowledge-based authentication.
Truly massive amounts of this information are stolen on a regular basis, proving we are far from achieving its confidentiality. Moreover, it is a straightforward process to use this data to steal, or at least borrow, someone’s identity.
There is, however, a wealth of dynamic, behavioral, reputational and association-type information that can add many organic dimensions to identity verification data, making it far more difficult to compromise than static, “flat” reference fields.
In this session, we will describe two key use cases where a layered approach to identity authentication using a variety of dynamic data sets can provide a multidimensional reference model that adapts to changes in the environment, to build confidence in the validity that someone is who they say they are and that they are interacting on the right device.
Source: SANS ISC SecNewsFeed @ June 30, 2016 at 04:54PM