"If a person has control over any function, it can also be used to control the computer" is the main topic of this article. This principle can be viewed as one part of a huge dilemma that appears whenever the question is which privileges a basic user should have. The problem arises from a choice: either the user is free and has full control of their system, which puts all responsibility for security on the user, or the user is restricted from some features in order to protect them.
[Source: https://www.thecloudpeople.com/hubfs/Imported_Blog_Media/the_cloud_people-blog-two_factor_authentication-3.png]
Currently it's popular to let users have full control and to let them set their own security levels. This leaves cyber security specialists with a problem they can't solve, simply because no matter how many safeguards or security functions they implement, they are useless if the user can turn them off.

I will talk about one such example. A few years ago, a user of Twitch, a popular video streaming platform, created a brand new account. When an account is created, the company asks you to verify your email, which is a mandatory action and thus can't be skipped. After that, however, the user was prompted to add two-factor authentication using any of the given methods, such as a phone text, Google Authenticator or even a second email. But this was an optional feature, so our user decided not to do it. In a few months the account was stolen. Even though the user could sign in, they no longer had access to changing anything. This resulted from someone else just adding their own email as the user's two-factor authentication and going through the password reset.

In conclusion, it is really important to keep some features mandatory, even though they might be annoying to set up, just to add security.