Old School MFA
Back in the early nineties, my father would bring his laptop home and before any of the Internet protocols really caught on, he had access to what would now be a VPN to be able to get into work remotely. Not only this, but the VPN would run off of two-factor authentication! It seems that in the early 2000s to early 2010s, people forgot how to properly do security when the world wide web finally broke out.
He’d boot up the old Compaq laptop, connect an RJ11 cable into the side port that held a modem, and when he was sure that no one was going to use the phone, would dial into an office gateway, enter a username and password, and then he’d be prompted for a code. This code was associated with a hardware key that would cycle through a new number every minute. Two algorithms running a world apart would churn out a number based on time that would need to match.
As a huge fan of Sneakers and War Games at the time, I loved the idea of a secret code being needed to access remote servers. The whole concept of the Internet was a fantastical idea for me that freed me from the confines of a cold house in the winter and sent me on international missions of mystery anywhere in the globe.
Thinking about how MFA has evolved and become common place, it reveals that not all good ideas are adopted early. Perhaps early MFA with hardware keys were too expensive and when email was used, spam filters caught too many automated messages or people usually didn’t have more than one email address. With SMS messages, the cost per message was more than gold, and no one even thought about robocalls with synthesized voices (voice calls were also expensive). So, the technology languished until all of those prices came down PLUS lay people started to understand the potential damage that could be caused by relying only on a username and password.
What innovations are waiting for other technologies to catch up to be useful? Will higher pixel camera technology help with iris-based unlocking? What about accelerometer data and understanding your gait to unlock a device? Or to measure your heart rate? We have shorter windows to predict the next breakthroughs but there is still an opportunity to uncover these and take advantage of being early.
