Biometrics in the Great Beyond

A thumbprint may be a good authentication factor for the living, but are you prepared to access mission-critical data and devices after an employee's death?


When a heart unexpectedly stops beating, it doesn't care whether the body around it took the trash out this morning, kissed a spouse goodbye, or made sure to arrange for backup access to systems and data if a biometric authentication factor no longer passes the "live" test.

Imagine, for example, that the recently deceased is a senior executive with critical sales information stored in files, messages, and a smartphone. And imagine if that executive had done their security due diligence, and protected each of those accounts and endpoints with biometric MFA. 

Now imagine it's your job to secure the organization. And the CEO tells you that while the executive's demise is a certainty, the company's survival is not; and in order to survive, the organization needs access to those well-protected assets.

If you didn't plan for this, you might now imagine that you've got a problem.


As Kacey Clark, threat researcher at Digital Shadows, puts it: "Death in the digital era is complicated."


Access denied by design


Sometimes, of course, it is entirely appropriate for digital access to die with the account holder.


"A system designed around biometric data scoped to a single user without the capability of administratively accessing that system without said user's biometric data, has made a declaration that individual privacy is more important than continuity," says Adam Mathis, director of information security at Red Canary. If no redundant option exists, Mathis says, it's most ..
