March 2, 2020

Authentication In A Quantum Computer World

Can you imagine a computer so smart that it can do calculations 100 million times faster than any classical computer? According to a Google blog back in 2015 it is actually possible and then claimed quantum supremacy in late 2019. Now think of the implications a computer like this will do to your IT Security strategy?

What Is Quantum Computing?

Before we address the implications of quantum computing on IT Security strategies, it is best if we start with some basic understandings of what exactly is quantum computing. According to a Wired Magazine article titled “What are quantum computers and how do they work? WIRED explains”:

“Quantum computing takes advantage of the strange ability of subatomic particles to exist in more than one state at any time. Due to the way the tiniest of particles behave, operations can be done much more quickly and use less energy than classical computers.

In classical computing, a bit is a single piece of information that can exist in two states – 1 or 0. Quantum computing uses quantum bits, or 'qubits' instead. These are quantum systems with two states. However, unlike a usual bit, they can store much more information than just 1 or 0, because they can exist in any superposition of these values.”

While this may sound like science fiction or at best a Hollywood movie, it turns out that both Google (with NASA) and IBM have been working on delivering quantum computers and both have made claims in late 2019 to be close to success.

Why Should CISO's Be Worried About IAM With Quantum Computers?

The bottom-line here is that quantum computers will be able to break existing encryption and Identity Authentication in minutes where current computers would take hundreds of years. The Wired article cited above goes on to report:

“Quantum computers operate on completely different principles to existing computers, which makes them really well suited to solving particular mathematical problems, like finding very large prime numbers. Since prime numbers are so important in cryptography, it’s likely that quantum computers would quickly be able to crack many of the systems that keep our online information secure. Because of these risks, researchers are already trying to develop technology that is resistant to quantum hacking, and on the flipside of that, it’s possible that quantum-based cryptographic systems would be much more secure than their conventional analogues.”

So how can a CISO or the IT Security team prepare for a world post quantum computers?

Continuous Behavioral Authentication Is Quantum Proof

The question that will now come into play for IT Security professionals is if there is anything available to protect the organization from cybercriminals utilizing quantum computers? Is there anything that can outwit even a quantum computer?

While our biometrics may not be a secure and unique as we had hoped, our behavior does uniquely define us individually. New advances in technology allows an approach to identity access management that can continuously monitor and authenticate a user pre, during and post authorization.

Acceptto’s eGuardian® engine continuously creates and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Behavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

With Acceptto’s Continuous Behavioral Authentication you can ensure:

  • Actionable threat analytics: Real-time, continuous identity monitoring & validation post-authentication.
  • Dynamic authentication: Adjustable, risk-based policy orchestration and continuous enforcement.
  • Credential stuffing neutralized: Eliminate account takeover (ATO) instantly with intelligent contextual MFA.

Check out what Acceptto can do to protect your identity authentication requirements in a post quantum computing world and ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy. Register for a free trial today.

 

identity Access Management continuous behavioral authentication quantum computer