Application: When Single-Factor and Multifactor Authentication Controls Fail

Application: When Single-Factor and Multifactor Authentication Controls Fail
Imagine you are a rookie cop on your first solo patrol. While walking your beat, you stop a man for suspicious behavior and ask him for his ID. While examining his ID, you ask a few probing questions. His answers seem consistent and his ID seems genuine. However, something still seems amiss and you ask for an additional form of ID. Fortunately, he has his passport with him. Everything appears to be in order. But as one last precaution, you “run” his name for warrants. He comes back “clean.” You hand him back his ID and passport, wish him a good day, and continue on your patrol. A few days later during a briefing, your sergeant is passing out pictures of suspects. The second one is the man you stopped a few days ago—he is wanted for identity theft.
Authenticating users is difficult. Regardless of how sophisticated your authentication controls are, they still can fail under the right circumstances. For example, a hacker might crack a bunch of weak passwords (single factor) or a pickpocket might steal a wallet containing a bank card that has its PIN written on it (two factor).
To prepare for this Assignment, read the Unit 2 Notes, located in this week’s Learning Resources, and find two cases within the last two years where single-factor and multifactor authentication controls have failed.
For this Assignment, write a 1- to 2-page paper that analyzes why these authentication controls failed and recommends mitigating controls.