It was funny when Kramer said it, but perhaps not for the reasons we now understand.
Asked by Jerry Seinfeld about a puzzling incident in life, Kramer replied by asking, “Why does Radio Shack ask for your phone number when you buy batteries? I don't know.” Yes, it may have felt odd for a store to want your phone number in the 1990s but today this sort of limited data request seems almost quaint. When you do business with a company today, they know a lot about you. They know because you trusted them with your information.
If you run a business, it’s likely you have entered into a serious and complicated trust relationship with your customers. The relationship may have crept up on both you and the customer, but if you’re like most business, you have a database of customer information that usually includes personal identifiers like addresses, phone numbers, and email addresses. For sure, you have a big repository of usernames and passwords. You’re the custodian of that information whether you want to be or not. If it gets stolen, it’s your fault.
It may not be a big deal, but it probably is. It is probably a very big deal. Kramer may not mind if someone steals his phone number from Radio Shack. It might even make a fun plot for the Seinfeld cast reunion special. Most customers, however, are upset by data breaches that put their information into the wrong hands.
Dealing with the Risk of Password Theft
Addressing this risk is the subject of our new white paper, Making the Move to Dynamic Multifactor Authentication (MFA). While user names and passwords may endure for years, many organizations are implementing MFA as a countermeasure to the threat of data breaches and unauthorized access. MFA is a security technique that requires more than one method to authenticate an application user. With knowledge-based authentication (KBA), for example, an application or website solution might ask you for your mother’s maiden name or a one-time password (OTP), which involves sending you a unique identifying code you enter use to gain access.
MFA offers a more robust security solution due to its ability to authenticate a user with more than just a user name and password. Also, with fewer (or no) identifying elements stored centrally, MFA makes it much harder for malicious actors to gain unauthorized access to business systems or customer accounts.
But this kind of simple MFA presents its own challenges. An “MFA Conundrum” if you will. Check into our next post to learn about it.
Interested in learning more?
Meet with us at RSA - booth S2826 and make sure to register for our upcoming webinar, "The Consumerization of Authentication" taking place on February 21st.