Placing “secure” portals in a public environment. Everything went downhill from there. Logically secure activity is not public, it is performed by KNOWN entities.
Last century there was no method to provide secure services to only known users. So, an alleged “secure portal” was placed on a public website & Indirect Assertion of Identity was introduced for authentication.
The problem with Indirect Assertion of Identity became clear almost immediately. Standards were proposed, published and set forth in formal guidance: “Two or more factor” authentication. Factors were defined as “Something you…”: “know”, “have” or “are”.
Deploying these Unique Factors at the endpoint is half a solution applied in the wrong location. These Factors at the endpoint, are Data at the point-of-authentication. Data is One Factor, a failure to meet basic guidance.
Direct Assertion of Identity eliminates the First Cybersecurity Mistake by creating a virtual serialized environment as a FACTOR for secure activity. When only known users can access a secure portal, cybersecurity evolves!
Einstein provided the solution in his “Spooky Theory” and he described today’s cybersecurity environment with his theory of “Insanity”.