First and foremost, cyber crime and data theft need to be stopped with offensive technology. I conclude that Intelligent Multi-Factor Authentication is the next generation in versatile authentication systems. There is zero reliance on static data and inflexible business rules, but on real-time context based user data that is actionable. It enables an organization to creatively mitigate fraudulent access while at the same time ensuring the least impact to user experience. Because the architecture is clientless, it enables organizations to deploy immediate protection regardless of organizational size and size of the enrollment pool. It can immediately inoculate an application or system of fraudulent accounts and fraudulent activity. Case in point, instead of RSA being required to replace all forty million SecureID tokens in Case Study 1, this authentication system could be integrated to an RSA authentication server and leverage the compromised authentication tokens as one of over twenty authentication attributes. The weighting of the SecureID token could be dialed down to a level of insignificance, thus rendering the compromised master cryptographic keys useless to those who stole them.
The answer to the question; Can this system be hacked is answered with another question. Can anyone or anything be you? This system constructs authentication decisions based on four parameters that make up our human behavior and while it is possible for someone to know certain information about our login credentials, they can never be you because you are the cipher in this system, thus there are over seven billion individual ciphers in the world. Each one independently unique, because nobody is quite like you.
Part 3 of this blog is comprised of research I did at The Fletcher School in 2011. Since that time there have been meaningful points of validation for my original conclusion. In 2013, Eric Schmidt, the Chairman of Google, co-wrote a book titled “The New Digital Age”. Schmidt validates that Multi-Factor Authentication has become the unofficial default standard for authentication in the technology industry,(151) however there still lacks a standard taxonomy between organizations in how to do it. What is means is that one companies interpretation of Multi-Factor Authentication may be very different from another, with varying results. The tech industry unofficially agrees this is the most secure approach that addresses both the cost and complexity challenges to internet security, however without a level of standardization the current problem will still remain, just in a slightly different form.
Moreover, on December 12th of 2013 the NSA Review Panel brought together by President Obama released their report after pressure from the Tech industry was applied.(152) One of the many recommendations made was that the NSA should internally standardize on encrypting all data at rest and data in motion.(153) Additionally, their internal systems should be protected by Multi-Factor Authentication technology.(154) Another point of validation for this being the most secure approach.
In my opinion it is time for Multi-Factor authentication, or as some call it, event driven security architecture, should become a default standard to all digital systems in order to best serve our digital lives.