| Influences on the Adoption of Multifactor Authentication | |
| Martin C. Libicki ; Edward Balkovich ; Brian A. Jackson ; Rena Rudavsky ; Katharine Watkins Webb | |
| RAND Corporation | |
| RAND Corporation | |
| 关键词: Computer and Information Science and Technology; Emerging Technologies; Cybercrime; Health Information Technology Interoperability; Banking Infrastructure Security; Defense Infrastructure; | |
| ISBN : 9780833052353 RP-ID : TR-937-NIST |
|
| 学科分类:自然科学(综合) | |
| 美国|英语 | |
| 来源: RAND Corporation Published Research | |
 PDF
|
|
【 摘 要 】
Passwords are presently the primary method by which users authenticate themselves to computer systems. But passwords are proving less and less capable of protecting systems from abuse. Multifactor authentication (MFA) — which combines something you know (e.g., a PIN), something you have (e.g., a token), and/or something you are (e.g., a fingerprint) — is increasingly being required. This report investigates why organizations choose to adopt or not adopt MFA — and where they choose to use it. The authors reviewed the academic literature and articles in the trade press and conducted structured conversations with selected organizations that use or have contemplated using MFA. They found that the type of organization — for example, defense contractor, bank, hospital — affected its MFA choices. MFA is mandated for U.S. government agencies, which tend to use PINs and tokens for remote access. Among private users of MFA, tokens that generate one-time passwords, rather than biometrics, predominate. The researchers recommend that the U.S. government develop methodologies by which the costs and benefits of mandating MFA can be evaluated. Guidance by the National Institute of Standards to government agencies may be useful in helping them sort out the various arguments for and against mandating MFA in a given sector.
【 预 览 】
| Files | Size | Format | View |
|---|---|---|---|
| Full Document | 413KB |  download |
|
| RO201804120002460LZ | 141KB | download |
878987797
028-85220240
