In the physical world, we have long deployed the dead bolt as a means of access control. It has served us well for many years, and it is a sturdy, resilient way to restrict access to a particular area that we deem sensitive. However, the dead bolt has a fatal flaw: it is opened with a key, which can be copied or stolen. Anyone who holds the key can open the dead bolt, whether or not he or she is the real owner. In effect, a malicious actor with the key renders the dead bolt useless. A dead bolt can also be picked, or brute forced, by sufficiently skilled hands.

In the logical world, the equivalent of the dead bolt is password-based authentication. Like the dead bolt, the password has been a technology that has served us well for many years. However, it shares the same fatal flaw as the dead bolt. A malicious actor who has stolen the password can use it to authenticate, even without being the true owner.
