“Kill Biometrics” is as silly as “Kill Passwords”
Sounds silly, right? It is. And it’s just as silly to say “kill passwords.” Here’s why. Currently, there are only three recognized “factors” – something you Know (password or PIN), something you Have (technology), and something you Are (biometrics). There are two more coming (location and behavior), but adopting those could take a while. Killing any one factor accomplishes nothing. It simply limits your security resources. Factors don’t need to be killed, they need to be secured and combined with other factors.
The government is never going to fix its cybersecurity problem until it fixes its procurement problem!
Shockingly, there are no NAICS, SIC or SIN codes for cybersecurity products on the GSA Schedule. As a California Certified Small Business owner who offers multi-factor authentication (MFA) products on the GSA Schedule, this is a serious problem.
Without cybersecurity procurement codes, government agencies and departments are unable to find, let alone implement, targeted products and services to keep our nation’s electronic data secure. Current procedure involves a keyword search on the GSA Schedule. If the exact keyword is not typed or listed, no match is found. An agency’s only recourse then becomes generating expensive and time-consuming RFIs, RFPs and RFQs. Cybersecurity NAICS, SIN and SIC codes are designed to streamline the entire process, save money and ensure fast cybersecurity implementations.
Cybersecurity Executive Order – Open Letter to President Trump
February 8, 2017
President Donald Trump
The White House
1600 Pennsylvania Avenue NW
Washington DC 20500
Re: Small Business Response to President’s Cybersecurity Executive Order
Dear Mr. President,
Thank you so much for your initiative with our nation’s Cybersecurity.
As a California Certified Small Business owner who offers a multi-factor authentication (MFA) product on the GSA Schedule, I have an important concern: Currently, there are no NAICS, SIC or SIN procurement codes for cybersecurity products on the GSA Schedule. This makes it difficult for government agencies and departments to find, let alone implement, the products you are mandating.
A year ago, I sent a similar letter to President Obama. NOTHING has changed. I trust that you are the man to fix this ridiculous problem. By simply adding cybersecurity procurement codes on the GSA Schedule as part of your Executive Order implementation, cybersecurity solutions will be implemented much faster.
Why do biometric fanatics want to “Kill Passwords?”
When biometric fanatics evangelize “Kill Passwords!” in favor of biometrics, they create a false security narrative. Replacing one form of Single Factor Authentication (SFA) with an alternate form of Single Factor Authentication adds nothing. It simply trades one factor for another. The whole security argument against any Single Factor Authentication is that the hacker only needs one piece of information to break in.
While biometric fanatics like to tout the weaknesses found in knowledge-based authentication (and I readily admit there are some), there are also a number of inherent weaknesses in biometrics. In this series of short blog posts, I will outline those weaknesses. My ultimate goal is for the reader to understand that if we go down the “either/or” cybersecurity path in choosing biometrics over passwords, everyone loses. The smart and secure cybersecurity solution is the “and” path, also known as Multi-Factor Authentication (MFA).
Did you know: The U.S. Courts have deemed that passwords are protected under the U.S. Constitution?
U.S. Courts have ruled that passwords are considered free speech since they are considered “knowledge”. Therefore, under the Bill of Rights, 5th Amendment, no person is required to disclose information that could incriminate themselves. DNA and biometrics, on the other hand, are not protected by these same rights. What’s more, Private Keys are not protected by the Constitution since they are computer generated and not considered an individual’s “knowledge”.