Two-factor authentication is no longer a guarantee of security. What can replace it?

Rakhiraqsdiwseo · Post by **Rakhiraqsdiwseo** » Sat Feb 08, 2025 5:10 am

Sergey Stelmakh | 04/16/2020
Many market observers view two-factor authentication ( 2FA ) as a secure method of identification, but is it really that resistant to hacking? ComputerWeekly quotes David Harding, senior vice president and CTO of ImageWare Systems, on this topic .

It has long been known that passwords are one of the weakest methods of user authentication. One of the first cases of password hacking occurred back in 413 BC. Then, in one of the night battles that took place during the Peloponnesian War, the Greek army decided to use a code phrase to determine where a friend was and where an enemy soldier was. However, it became known to the Spartan troops, and they did not fail to pass themselves off as allies of the Greeks. As a result, the Greek army suffered a crushing defeat.

Today, it is common practice to set the bosnia and herzegovina mobile database possible requirements for passwords, both in length (number of characters) and complexity (variations of symbols, numbers, and signs). As a result, they often become a weak point in the organization's security infrastructure. Password databases help to cope with this situation, providing users with a secure storage of complex passwords, which eliminates the need to remember them. On the other hand, the consequence of this approach is the formation of a single point of failure, which is fraught with endpoint security.

To increase security, many organizations have begun to use an additional security layer, 2FA, to manage access points. The downside is that if a device is lost, stolen, or hacked (for example, by malware), most 2FA systems are compromised. “2FA does not identify an individual. It identifies a device. In the security industry, this is commonly called ‘identity approximation.’ It is not identity identification,” says David Harding, senior vice president and CTO of ImageWare Systems. “Identification or authentication assumes that a device belongs to or is in the possession of a specific individual, but in reality, there is no evidence to support that assumption. All we know about a device is that it is there.”