
RSA Europe: Two-factor authentication is worth nothing, says executive director, EEMA

21 October 2009

At the RSA Europe conference, 20 October 2009, in a session titled ‘Governments face up to the cyber security challenge’, Roger Dean, executive director of EEMA, declared two-factor authentication “not worth anything anymore”.

Dean, who was speaking alongside ISF’s CEO and President, Howard Schmidt, declared two-factor authentication worthless due to man-in-the-middle attacks. Schmidt disagreed: “The reduction of ID theft and fraud has been reduced with two-factor authentication”, said Schmidt, “and I use the technology with a great deal of confidence. The masses are more secure with two-factor authentication”.

Addressing the government’s cyber security challenge, Schmidt cautioned “we need to modify how we talk about ‘cyber terrorism’”.

“Network terrorist organisations are focussing their efforts on financial gain. They are working with criminals to build up a fund”, said EEMA's Dean.

Schmidt and Dean were in agreement that one of the biggest challenges facing the government is collaboration with the private sector (up to 85% of critical infrastructure is owned by private industry). “Working with the private sector is a slow process”, said Schmidt, “but it’s an important partnership and essential to have ‘a seat at the table’”.

“Governments are dependent on the private sector to secure infrastructure”, said Dean. “If we, as an industry, don’t make bigger strides, there will be more government legislation. The threat of government legislation alone drives changes. Regulatory governance will always be a few paces behind”, he said.

Digital Pearl Harbour

In response to an audience question, Schmidt said a ‘digital Pearl Harbor’ is less likely than ten years ago. “There’s certainly potential for an attack similar to those on Estonia and Georgia, but we’re in a position to recover better than ever before”.

Schmidt admitted a “tremendous resource issue” with law enforcement. “Other threats, like physical terrorist attacks, and stabbings are diverting law enforcement’s attention away from cyber security. We still have 18th century laws looking at 21st century technologies – that needs to be changed”.

Schmidt referred to the seeming delay in President Obama’s appointment of a cyber-czar, stating that “I’d rather the government take their time in employing the right person, rather than rushing it. Things are being done, but it’s just not out in the open yet. There’s some confusion about what the roles are, and that will take time”.
 

 


 

Comments

josephadeo says:

21 October 2009
At VeriSign we're with Howard Schmidt -- two-factor authentication is far from useless, and in fact the types of attacks it does protect against are rather plentiful. Throwing the baby out with the bath water would, certainly, do a lot more harm than good, and open up consumers to all sorts of risk. It must be said, however, that the best approach is a multi-faceted one: Relying on any single security method is asking for trouble. But if, for example, log-in data was protected and connection points were encrypted -- the former with 2FA and the latter with extended validation SSL -- the chances of vulnerability significantly decrease. A lot of developers and online merchants seem to be waiting for a cure-all when they could be applying multiple solutions with great success.
