Something you know, something you are, something you wear?
Multifactor authentication - combining passwords and PINs with biometrics and tokens (something you have) - can dramatically improve your risk profile. Organizations still find numerous reasons to delay or reject most two-factor authentication methods. User adoption, cost per client, and lost token replacement costs are common concerns.
Perhaps we need to re-think the token form factor. For years, we have tried to make tokens small and unobtrusive. Keyfobs, for example, are small and convenient, as are credit card time tokens. Obviously, they are not convenient enough. For many users, tokens are one more object to deal with, and for IT admins, they are one more object users will lose.
Why not leverage society's ageless attachment to jewelry and marry tokens with bling-bling? Suppose we combine PINs and passwords with something we *wear*? Why can't we marry proximity-sensing and two-factor authentication technology and incorporate these into rings, earrings, and lapel pins? If these are not manly enough, integrate proximity technology with a watch or ID bracelet. Any jewelry item will do, so long as it invites users to wear it daily and value it highly enough that they won't lose it. 18K gold rings may sound like an expensive outlay, until you factor in the near-zero replacement costs and reduced account administration :-)
Silly? Perhaps. But "something you wear" really isn't that far-fetched. Many organizations require badges. Users historically do a better job of protecting the company IDs than tokens. If you don't want to go the jewelry route, is it so wrong to consider the integrated ID?
Archived at http://www.securityskeptic.com/arc20041101.htm#BlogID327
by Dave Piscitello