Plurilock™ CEO Ian Paterson recently chatted about multi-factor authentication with Tom Eston from The Shared Security Podcast, in Episode 58.
Starting at 2:14 in the podcast, they discuss what constitutes good MFA and how organizational attempts to add a second-layer are falling short. They discuss issues with secret questions, hardware tokens, and SMS-based authentication, as well as balancing ease of use and privacy ramifications.
“I think that there are some good ways of doing multi-factor authentication and there are some not good ways of doing multi-factor authentication. So some examples of maybe good attempts, but attempts that come up short, would be using two forms of something that you know. A lot of banks actually are still stuck with this. Where you’ll have a login and password and then if you get through the login and password, then they’ll ask you a security question.”
— Ian Paterson, @4:22
Listen to the podcast to hear their discussion on the best practices for multi-factor authentication.
If their discussion piques your interest about authentication standards, read more in our comprehensive Authentication Guide here. ■
