 |
| Slippery Reef Knot |
The Slippery Reef Knot is one such example. If we pull on the "slippery" end, it undoes the knot. If we pull on the other end, it tightens the knot.
But what if we made both ends slippery? Then, dear readers, we have what is known as a Bowknot.
 |
| Bowknot |
Just like the kind you finish off wrapped presents with, or tie your shoelaces with.
The misconception here is that making both ends slippery, doubles the "slipperiness" of the knot. Not so! What has happened now is, instead of having one end being a quick-release mechanism, you now have two quick-release mechanisms. Pulling on either one end unties the entire knot. The quick-release mechanism functions the exact same way, and neither slippery end contributes to the other's quick-release mechanism.
Similarly in tech security...
You may have heard me speak of 2FA before. 2FA is an acronym for Two-factor Authentication. Meaning, a system that requires the user to authenticate in two different ways. Having two password fields does not count, because it just means that the user authenticates two times, the same way. |
| Biometrics! |
Using a password and a fingerprint scan combination would count. Because then the user would have to authenticate two different ways.
Let's tie these two situations together (pun intended). Someone tying a Bowknot expecting the knot to become more slippery than a Slippery Reef Knot, is like adding an extra password field to a system expecting to make it more secure. It doesn't. It only makes the system more inconvenient for the user. If attackers can bypass one password field, they can bypass two.
The takeaway
More of the same does not mean more of the benefits. That's really the common thread here. In security, the nature of the attacks are wide and varied. So, too, must your defenses be.Taking a bow,
T___T
T___T
No comments:
Post a Comment