Stories
Slash Boxes
Comments

SoylentNews is people

How To Make People Sit Up And Use 2-Factor Authentication

posted by chromas on Thursday March 07 2019, @05:40AM   Printer-friendly

Arthur T Knackerbracket has found the following story:

In a presentation at this year's RSA Conference, taking place in San Francisco this week, Dr L Jean Camp, a professor at Indiana University Bloomington in the US, and her doctoral candidate Sanchari Das, detailed their research into why people aren't using Yubico security keys or Google’s hardware tokens for multi-factor authentication (MFA).

For those who don't know: typically, you use these gadgets to provide an extra layer of security when logging into systems. You enter your username and password as usual, then plug the USB-based key into your computer and tap a button to activate it. The thing you're trying to log into checks the username and password are correct, and that the physical key is valid and tied to your account, before letting you in.

That means a crook has to know your username and password, and have your physical key to log in as you. We highly recommend you investigate activating MFA on your online accounts, particularly important ones such as your webmail.

What the pair found during their research work derails any previous assumptions that the lack of MFA uptake is because people are stupid, or can't use the technology. What it comes down to is education and communicating risk.

Original Submission

 
This discussion has been archived. No new comments can be posted.
How To Make People Sit Up And Use 2-Factor Authentication | Log In/Create an Account | Top | 43 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by PiMuNu on Thursday March 07 2019, @04:17PM (1 child)

    by PiMuNu (3823) on Thursday March 07 2019, @04:17PM (#811172)

    Interesting, they tried such a thing in the UK, but the implementation is so terrible that no one (including government departments) wants to use it...

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 3, Interesting) by FatPhil on Friday March 08 2019, @12:45PM

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Friday March 08 2019, @12:45PM (#811511) Homepage
    Estonia was a country that reinvented its infrastructure, almost every part of it (exceptions being the mechanical things like the presence/absence of roads, tram tracks, and trolley-bus power lines), upon reindependence. Its legal system was put together by academics who knew other countries' systems inside out, and borrowed only the best bits from exemplar states (Germany/Finland I'm guessing). It knew tech was the future, and basically looked at Finland's example and said "we can do that quicker than you, as we have no backward compatibility to worry about", and indeed caught up very quickly, and indeed did get the jump on Finland for a few things - e.g. paying for car parking using an SMS on your phone. So it's unsurprising we have such integrated infrastructures, we have the highest rate of electronic home voting too (I think more than half of the votes were electronic this year (and the split between the parties in the pre-counted evotes vs. the final result was very telling - you can see which parties attract votes from smart modern types, and which from dinosaurs!).

    People sometimes ask me why I left the UK 2 decades ago - it's because I saw the future.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves