Where 2 is Weaker than 1 ?
We now rarely come across cybersecurity articles in which there is no reference to 2FA/MFA.
We also rarely come across the cybersecurity articles in which there is reference to ‘how the 2/multiple factors should be configured’.
Where correctly configured, a two-factor authentication actually provides a higher security than a one-factor scheme and a three-factor scheme is more secure than a two-factor.
Curious to know how they can be configured wrongly?
Answer — Deploy the two/three factors in a multi-entrance formation, instead of multi-layer formation.
Dissection — Assume the vulnerability (Attack Surface) of Factor A to be 5% and that of Factor B to be 3%.
When configured in multi-layer formation, the overall vulnerability would be 5% x 3% = 0.15%. Substantial security enhancement indeed!
When configured in multi-entrance formation, the overall vulnerability would be about 8%. [Exactly, it is 5% + 3% x (100% — 5%) = 5% + 3% — 0.15% =7.85% ]
When deployed in the multi-entrance formation, a 2-factor authentication is inevitably less secure than a single factor, and a 3-factor weaker than a 2-factor.
Ironically, 2 is weaker than 1, and 3 weaker than 2, whereas many people are misguided to believe the opposite, being trapped in a false sense of security. It’s a bonanza for bad guys!
Look around for multi-factor schemes involving biometrics and you would be surprised to witness most, if not all, of them deployed in security-lowering multi-entrance deployment.
Your sense of sanity would perhaps be shaken badly when you hear that a better identity security is achieved by involving biometrics.
Cybersecurity professionals should help make it clearly known that biometrics for authentication could be recommend where (only where) security does not matter.
Ref: “I support Biometrics as a Technology” https://www.linkedin.com/posts/hitoshikokumai_democracy-privacy-ethics-activity-6993771041974095872-2eOx
Website — https://www.mnemonicidentitysolutions.com/
Digital identity blogs collected at https://www.linkedin.com/pulse/collection-digital-identity-comments-hitoshi-kokumai-posted-kokumai/
