Wednesday, February 15, 2012

Who are you?

The following blog post was inspired by this article:

And this clip from Anger Management, "Dave, who are you?":

IT security systems are designed to irritate you with just one question: "Who are you?" That's one of the biggest questions we want answered: "Are you who you say you are?" And I've got to tell you, after 10 years in the biz, you build up a complete distrust for everyone, and I mean everyone around you, so you better be able to prove you are who you say you are. Somehow, we have to build an infallible way to tailor the identity proofing experience so it's customized to just you. The problem is, you are changing all the time, year to year, day to day, even second to second. The other problem is, you make it real easy for me to pretend I'm you. The real problem with that is, people and IT systems can be fooled real easily.

Now that we've identified the problem, what are some of our methods? Usernames and passwords, hardware tokens, PINs, biometrics... all of which are susceptible to theft, forgery, brute force attack, etc. "So tell us something we don't know, Kamran!" I'm working on it... as you should be too.
