Tuesday, February 26, 2013

Tech-Smart Parents and Preschoolers

   This past weekend I had the opportunity to do something fun and different!

   I've been lecturing on Internet Safety and Awareness to all kinds of groups for about 15 years.  I've met with parents and professionals at conferences, businesses, churches, school district parent fairs and have even provided training to law enforcement personnel.  I enjoy doing this and always learn something new.

   After presenting at a school district parent fair last fall, I was invited to present at a local Young Children and Technology conference, specifically covering technology for the preschool and younger set!  Since most of my material is targeted for parents of preteens, teens and older, I knew I had some work to do!

   As I dove into the research, I found that there are similar categories of issues, but clearly preschoolers and toddlers use technology different than teens.

Tuesday, February 19, 2013

So What's the Authentication Answer? - 3 Factors of Fail (part 7 - last!)

   We've been discussing the authentication problem for the better part of two months, and now it's time to wrap things up.  If you've gotten to this post through a link but haven't read the rest of the series, it starts with part 1 here.

   Each of the 3 factors of authentication have serious issues when used individually.  The challenge is that we need to log a person into a system or application in a way that reasonably assures the person is who they say they are and has rights to the system.  And, perhaps most importantly, any method we use has to work well for people!

   So, how do we find a solution?

   The key is to think about the user and the use.

Tuesday, February 12, 2013

Multi-Factor Fail - 3 Factors of Fail (part 6)


from: brainyquote.com
   In December I was at the NG Security Conference in Austin, TX.  We had a fantastic discussion with a group of key security leaders focusing on this "quote" and how it applies to information security.  I say "quote" because there is some question as to who said this or if anyone actually did!

   As I've been saying throughout this series of posts, it seems that this statement is exactly what we are doing in the world of authentication!  None of the typical factors of authentication have really solved our authentication and access problems, yet we continue to use the same mechanisms over again.

Tuesday, February 5, 2013

The 4th Factor? - 3 Factors of Fail (part 5)

   Welcome to the next installment of my ramblings on authentication, 3 Factors of Fail.  So far we have discussed the classic 3 factors of authentication in parts 1, 2, 3 and 4.

   In recent years some additional authentication assurance methods have been grouped to form what some call the 4th factor of authentication.  This is also called risk-based, location-based or adaptive authentication.  It could also be called "somewhere you are" or "something you are doing".

   The basis of this method is in establishing a rich profile of the user.  This can include:
  • the machine used for access;
  • software used;
  • time or day of accesses;
  • IP address(es) used;
  • what country the connection comes from, or;
  • what actions the user attempts.