Multi-factor authentication is all about what you know, have, and are. I’ll explain more shortly but for now, let’s start with your user name and password, both of which are things you know. What happens if someone knows what you know?
Authentication itself is a complex issue. What happens if you forget what you know? When you forget your password, you request a new one, but generating that new password and granting the requested access create a backdoor. For hardware like routers and firewalls, there is usually an admin password set by the factory that should be changed.
Hardware comes with the ability to get access via something you have: physical access to the equipment. If that hardware had a biometric fingerprint scanner, it would also incorporate something you are.
Phone systems typically have multifactor authentication in that they use a username, password, and a one-time token sent via text or email. A few years back I recall a client asking for multifactor authentication for a UCaaS system and the options were very limited.
Today, toll fraud is on the rise, robocalls are calling every phone I have non-stop to sell or scam me in multiple languages, and cloud phone providers are merging so quickly that security is becoming more and more of a concern.
Admin permissions changing hands at the carrier level are certainly a cause for concern. We’ve experienced widespread carrier outages whose RFO doesn’t make sense, leaving us as SMEs to wonder what’s going on behind the curtain.
Phone systems should incorporate biometrics to further ensure security of the end users. It seems simpler and more effective than ‘something you have’ like having to use an access card to use the phone.
Users don’t necessarily want to trade ease of use for security. How hard would it be to adopt a habit of verifying your credentials prior to using the phone? We’ve easily adapted to doing so with our cellphones, but would we with our social media? How about our desk phone at work? It truly depends on the organization, but recent grads seem more likely to adopt new technological habits.
Spoofing of numbers is the factor that allows robocalls to continue. Ajit Pai and the FCC are working to end robocalls using the new SHAKEN framework. We can stop it by policing voice traffic at the carrier level and adding an element of authentication, but that’s unlikely. Another way to patrol this traffic at the carrier level is to block systems that are making multiple calls per second, which would anger call centers, and that’s also unlikely. So, since you can’t stop spoofing, preventing toll fraud is your next best option. You can do that by using multifactor authentication.
Although there are very limited options for handsets that incorporate biometrics, I suspect that won’t be the case in the near future. Just as multifactor authentication was adopted, so will biometrics be. The question is whether that will happen before cell phones increase their functionality and render desk phones obsolete.