Mar 22 / 2017
Our Ancient Ancestors Had a Lock on IAM
email@example.com (Christian Duvall, Group Vice President, Enterprise Services)
We live in a world that’s inundated with security concerns, stemming from rapid advancements in modern technologies (IoT anyone?). Every now and then, we get to see some really cool historical tech (like Baghdad Batteries) that surpasses what we would generally expect from our ancient ancestors.
So what can this historical piece of technology teach us that’s relevant to our modern identity and access management best practices?
- The lock requires two forms of identity: something you know and something you possess. With only one of the two, it’s inaccessible. By the classic definition, this is truly multi-factor authentication. While it doesn’t quite meet today’s standards, it’s more than fair to give it a pass on sheer ingenuity. Even the standard locks used to secure our homes today are largely single-factor, giving the John Wilkes lock an edge.
- The lock has auditing and analysis built in – it actually counts how many times it has been opened! Without the ability to analyze whether your secured content has been accessed, even the strongest two-factor authentication leaves a massive hole for accidental or intentional abuse. It’s stunning that hundreds of years ago they got this right, where many still fail at it today.
- The lock follows the Principle of Least Privilege. Ok, ok – most locks do, but not all. Our blog about The Principle of Least Privilege demonstrates what happens when physical security doesn’t follow this rule. What do you think could happen if your systems didn’t?
- Unfortunately, like with most locks, if your authentication factors are compromised, you have to re-key and/or change your solution entirely. If the key is lost, it’s safe to assume that it would be a very intricate process to replace the key and retool the lock.
- The second factor (the thing you “know”) is not a reliable security measure. While deemed an “obscure” factor, much like a password, this particular secret is highly susceptible to brute-force attacks. The researchers who found the lock didn’t have any trouble figuring it out, and neither would someone who badly wanted to gain access. Changing this second factor would require a rebuild of the whole unit, which makes damage control expensive and slow.
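To make the lessons above concrete, here is an added toy model (written for this post, not a description of the historical mechanism) of a lock that demands both factors, keeps an audit count of openings and rejections, and adds the one control the original lacked: a lockout that bounds how far guessing a low-entropy secret can get, plus a re-key operation for when a factor is compromised. The class and field names are assumptions for illustration.

```python
from dataclasses import dataclass, field
import secrets


@dataclass
class TwoFactorLock:
    """Constructed model: opening needs a possessed key AND a known secret."""
    key_id: str             # "something you possess": token the physical key carries
    secret: str             # "something you know": the obscure setting
    max_failures: int = 3   # lockout threshold (assumed; the historical lock had none)
    opens: int = 0          # audit: successful openings, as the lock itself counts
    failures: int = 0       # audit: rejections since the last successful open
    log: list = field(default_factory=list)  # audit trail of every attempt

    def open(self, key_id: str, secret: str) -> bool:
        """Return True only when both factors match and the lock is not locked out."""
        if self.failures >= self.max_failures:
            self.log.append("locked out")   # correct factors no longer help until re-key
            return False
        # Both factors are always checked (no short-circuit) and compared in
        # constant time, so a rejection does not reveal which factor was wrong.
        key_ok = secrets.compare_digest(key_id, self.key_id)
        secret_ok = secrets.compare_digest(secret, self.secret)
        if key_ok and secret_ok:
            self.opens += 1
            self.failures = 0
            self.log.append("opened")
            return True
        self.failures += 1
        self.log.append("rejected")
        return False

    def rekey(self, key_id: str, secret: str) -> None:
        """Rotate both factors after compromise; the historical lock needed a full rebuild."""
        self.key_id, self.secret = key_id, secret
        self.failures = 0
        self.log.append("rekeyed")
```

The audit trail is what lets an owner notice a run of "rejected" entries before the secret is exhausted, which is the gap the post's second and fifth points describe.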
I hope you were as intrigued by this glimpse into the past as I was. It’s incredible to see how many best practices of current Identity and Access Management were built in, hundreds of years before the first computer was ever built.