To the Editor:
Re “Perils of Two-Step Authentication” (Op-Ed, Jan. 28):
Josephine Wolff raises legitimate questions about the effectiveness of two-factor authentication and its use as a best practice. But she engages in the timeless tradition of using FUD — fear, uncertainty and doubt — to make her argument.
Certainly, multifactor authentication is not the holy grail in identity authentication, but it has had a positive effect in securing data compared with the password-only approach, which has failed miserably.
Until we are able to move security completely away from the end user, the end user has a responsibility to do whatever he or she can to manage risk.
There will always be vulnerabilities in cybersecurity. Our objective should be to create resilient solutions that manage risk effectively. Best practices are used because they are informed approaches and solutions to common challenges.
As we seek to create a culture of cybersecurity awareness around the globe, the best practice of multifactor authentication is not the ultimate goal, but is certainly an important step forward in educating the user on his or her responsibility in cyberspace.
Kiersten E. Todt
The writer, a former executive director of the Presidential Commission on Enhancing National Cybersecurity, is the managing director of the Cyber Readiness Institute, a nonprofit.