In this episode of the Security Ledger podcast, we interview Matt Salisbury of Honeybadger HQ about his anti-fraud startup and how AI and machine learning are breathing new life (and potency) into knowledge-based authentication.
As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.
Usernames and passwords have been with us almost as long as computers themselves – at least since the early 1960s, when MIT introduced the Compatible Time-Sharing System (CTSS), an operating system that was the first computer system to implement password login.
60 years in, passwords at a breaking point
Six decades later, however, password use has tipped into the absurd. A 2017 study by LastPass of its business users found that the average employee maintained 191 passwords in their account. That means the average 250-person company maintained more than 47,000 passwords. If the data is right, many of the passwords employees use are weak and easily guessed – or used across multiple applications.
The adoption of so-called “two factor” authentication has helped with that problem, but even that technology has its limitations, as the recent hack of ride-sharing firm Uber showed. But the key question for companies and employers remains the same: what is the most reliable and secure way to make sure someone seeking access to our network or applications is who they say they are?
AI juices knowledge-based authentication
Our guest on this week’s podcast has an answer to that question, and it may not be what you’re expecting.
Matthew Salisbury is the CEO of the firm Honeybadger HQ, a Menlo Park-based fraud prevention startup that has developed a novel way to do “knowledge-based authentication” to verify account holders. The company’s technology uses machine learning to find derived information about the user and create a custom test based on that information that can quickly and securely verify the user’s identity.
For example, instead of asking the user to enter personal information like their mother’s maiden name or elementary school – the traditional approach to knowledge-based authentication that fraudsters readily gamed – the system harvests information from data points like geographical details, information in the user’s profile or background information. It then creates custom user authentication tests based on that data.
We invited Matt into the studio to talk about Honeybadger’s technology and how AI and machine learning are changing the conversation about what’s possible when it comes to knowledge-based authentication.