With that kind of access, a bad actor has a platform to be able to deploy attacks against the local voting system or even the statewide registration system. Clicking on a dangerous link, opening a dangerous file or even previewing a sketchy image can inject code that will allow a hacker to do anything and everything from spying directly on a user to hijacking control of the workstation (and maybe the network). A hacker getting an end user to do something foolish isn't just about getting passwords. "Social engineering" is the big one, and no amount of user training can thwart it entirely. That means there are some that things 2FA won't protect you from. Hacking is as much art as science, and as an art it allows for an almost limitless and ever-evolving palette for artists to work with - and there are some very good artists out there. In 2FA's more sophisticated form, this second passkey is either dynamically generated (such as through a text or email) or takes the form of a separate physical device (such as a card or fob).īut election authorities and consultants shouldn't fool themselves into thinking that 2FA solves all their problems, as I've heard some do. It's best understood by comparing it to that extra number on the back of your credit card that is now generally expected to be provided for commercial transactions.
2FA creates an additional requirement, beyond just a password, for access to systems such as the states' centralized voter-registration databases. These days in professional circles, for example, "two-factor authentication" is all the rage. Unfortunately, however, too many election administrators are putting their faith in cybersecurity tools that by themselves don't provide nearly the level of security they need. Thankfully, nobody believes that user training by itself is an adequate solution. Secretaries of state and other state-level election administrators, for example, have come around to the need to create "human firewalls" by training local administrators on safe and secure computer use. No one doubts that election administrators at every level of government have taken the call for increased cybersecurity seriously, recognizing the growing threats to our voting systems.
0 kommentar(er)
