Recently, a Federal Judge ordered Marriott to reveal the forensics report for its data breach. I know the Courts have sided with businesses in the past to keep the forensic details of breaches from public disclosure (this may now be changing). And I have looked extensively to find information about the authentication systems that were in use by businesses at the time data breaches occurred and can find almost nothing. (I can understand that many authentication vendors would not want the negative exposure if their system were involved.)

Can anyone point me to a good summary or list that would describe or name the actual authentication systems involved in the major breaches of the past 5 years? Full disclosure: I intend to use the data to test a hypothesis that the "password problem" that leads to data breaches is not solely due to passwords but rather there is a systemic problem with current authentication systems in general.

gethopr
    The biggest systemic problem with any type of authentication is the end user. – Overmind Sep 27 '19 at 06:43
  • @Overmind True. End users have habits and behaviors that can/do weaken security. But good authentication system design should recognize that and not add to it. The popular approach (at a system level) is to constrain the end user behavior which adds "friction" to the login process (human tests, CAPTCHAs, security questions, password policies). End users naturally avoid friction. A better system approach is to strengthen security while simplifying the end user experience. – gethopr Sep 28 '19 at 11:26
  • Given that you have already recognized that this data is very hard to obtain, the sample set of data which you might get here will be so skewed as to render any conclusion regarding your hypothesis as invalid. – symcbean Sep 28 '19 at 11:46

0 Answers