The Dopefly Tech Blog


Monty Python Uses Correct 3-Factor Authentication

posted under category: General on January 10, 2013 by Nathan

Let's talk movies and security for a minute. Obviously Hollywood has proven they don't know computers, don't know hackers and don't know security - they know fun stories and special effects, but there have been more awful portrayals of computing than good ones.

Single-factor authentication has been deemed bad form on the internet, and is easily bypassed in movies. We have all seen where someone knows the password or cuts off a thumb for the fingerprint scanner. That's simply not enough security. In real life, most passwords in use are plucked out of the lists of most-used passwords. One single password is easy to guess, and it's obvious because people get their accounts 'hacked' all the time. Single-factor authentication is simply not good enough.

Two-factor authentication is better, but not perfect. Again, there are movies where voice and eye prints are stolen, or a password is guessed and a fake thumbprint is used. In reality, two-factor authentication comes around in the form of web sites that send you a text message or email when you first log in from a new device and you have to enter the code from that separate message. It is a huge step forward because now it's something you know (password) and something you have (access to the email or phone). However, if one account has been taken, how can you ensure a hacker has not also obtained access to your email? It's not foolproof, but it's much closer.

Three-factor authentication means "something you know" (password), "something you have" (email/phone/badge/fob), and "something you are" (finger/eye/hand print, face scan, etc.). If anyone in any movie actually used this, the bad guys would win a whole lot less. Think about it. You can't just take a finger with you because you need their password. Guessing the password and hacking their email account still means you are missing the physical person. Stealing a badge leaves you lacking as well.

In Monty Python and the Holy Grail, at the Bridge of Death over the Gorge of Eternal Peril, the bridgekeeper asks three very important questions. Let's look at them:

1. What is your name? In authentication terms, he wants "something you are."

2. What is your quest? Could be interpreted as "something you have" though, to be specific, this is something you do not have.

3. What is your favorite color? What is the capital of Assyria? Without a doubt, "something you know."

When you think of computing and movies, Monty Python has all of Hollywood beat. You heard it here first, folks.

Nathan is a software developer at The Boeing Company in Charleston, SC. He is essentially a big programming nerd. Really, you could say that makes him a nerd among nerds. Aside from making software for the web, he plays with tech toys and likes to think about programming's big picture while speaking at conferences and generally impressing people with massive nerdiness and straight-faced sarcastic humor. Nathan got his programming start writing batch files in DOS. It should go without saying, but these thoughts and opinions have nothing to do with Boeing in any way.