Author: Scott Doudera, Information Technology Page 1 of 4

Adaptive MFA:  So much for Sci-Fi

Sticky post

Several times a year I receive notification that there has been another mass password breach with an online database. Whether from a pwned (compromised) website or successful phishing attempts, this proves how insecure simple password access can be. Many of us have been compromised at one point in our life, simple passwords just aren’t cutting it anymore. Where is the technology headed, are we going to need retinal eye scans going forward to access our information?

Multi-Factor Authentication is considered the solution to passwords. In a recent study by Symantec, it was determined that 80% of breaches would have been prevented by including MFA with a password.

A strong password should be the first barrier for access, but proving it is really you, and not someone else, is a stronger defense.

Over the past few years, biometrics has assisted MFA in keeping data secure. Fingerprint readers and retinal scans are now mainstream. So much for Sci-fi.

I remember when I couldn’t buy gas on the east coast for a few days. Long lines at the pumps for the few gas stations that had short supply. According to Bloomberg, the Colonial Pipeline was hacked in April 2021 due to a compromised password allowing VPN access. The pipeline system was not secured with MFA for administrative access. This allowed fraudulent access to shut down the pipeline simply from a password breach.

There are many companies that now require MFA. These include Bank of America, Microsoft, Apple, Google, PayPal, Drop Box, and Salesforce. As more companies increase their security requirements each month, bad players looking to capture your data must adapt to this level of sophistication. This is leading to MFA itself needing to become more robust. So, what should we expect in the months ahead?

The Future:  Adaptive Multi-Factor Authentication

Standard MFA can decrease efficiency when over implemented. Adaptive MFA can reduce the burden of constantly having to prove who you are by 80%. It also helps reduce bad actor login access to near zero. Adaptive MFA bridges the gap between user experience and account security by providing a secondary factor for logins but only prompting for secondary verification when the primary factor login looks suspicious or unusual. Typically, I logon to check certain websites each morning at 8:00 am from a work IP address utilizing the same machine. But what if I was to login at 10:00 pm from a different state? This pattern is new, so it should be challenged. Most likely, I am just traveling. But what if my device was stolen?

Behavioral Analytics can score events, including login attempts at unusual hours, login attempts from unusual locations, or login attempts from unknown devices, etc. Higher risk scores would require additional authentication methods.

My example shows utilizing an approved device, but from a new Geo location and during an odd time of day. Thus, additional Multi-Factor Authentication would be required for this new login attempt.

The future of Authentication will be security driven by artificial intelligence. Adaptive Multi-Factor can be configured to allow low risk patterns to require simply a username and password. Medium risks would require additional authentication, such as that retinal scan. A High-risk AI assessment could deny access all together. Implementing some Adaptive Multi-Factor Authentication could have kept that Colonial pipeline open. Nobody wants another national security risk. The future is being streamlined for user experience, and heightened security. I would call this a win-win.

A Future for Green Currency

Sticky post

Every time I turn on the news, I hear something about the shift toward clean energy. Electric cars, solar panels, recycling. When a friend or investor asks me about cryptocurrency, I consider its carbon footprint on our planet as criteria. Not because I am an environmental fanatic, I still drive an affordable, non-electric, gasoline powered car. The top reason I don’t own any Bitcoin is due to its load on the power grids, followed closely by its inefficiency in transaction speed and price volatility. Bitcoin consumes more energy than many of the world’s leading countries. “But don’t you want to hedge your portfolio against rising inflation?”  Yes, I do, but in a way that also makes me a good steward of the resources on our planet.

What’s the impact?

According to the most recent estimates from the Bitcoin Energy Consumption Index, a data project headed by Dutch economists, a single transaction of the world’s most popular cryptocurrency uses about 2,157 kilowatt-hours of energy.  So, to purchase a new video game for the kids, one would have to burn enough energy to power one household for about 74 days to send the funds, and have the transaction verified on the network.

“How about Ethereum, that’s a greener cryptocurrency.”   Barely…  Ethereum consumes more energy than Switzerland (63.3 TWh annually) and Israel combined (60.5 TWh annually).

Greener pastures:

There are several cryptocurrencies that offer a smaller load on the power grid. A few examples in alphabetic order are:

Algorand

In 2021, Algorand declared its blockchain to be completely carbon neutral. This currency has a partnership with Climate Trade, an organization dedicated to helping companies improve their sustainability profiles.

BitGreen

BitGreen was created as a response to Bitcoin, considering the environmental impact it has. It is a 100% community-run project and uses an energy-efficient proof-of-work algorithm. The company was founded in 2017 and has created a non-profit organization to oversee and manage the BitGreen project.

Cardano

Cardano is inherently more energy-efficient than Bitcoin as it uses a consensus mechanism where those participating in the currency buy tokens to join the network. This helps save a staggering amount of energy, and it is reported to only consume 6 GWh of power.

DEVVIO

According to DEVVIO founders, the DEVVIO network uses one-millionth of the energy usage of Bitcoin and generates far less in terms of greenhouse gasses. It was designed specifically to reduce energy expenditure and be a ‘greener’ cryptocurrency.

Nano

Nano uses block-lattice technology, which is energy efficient. It is still reliant on a Proof of Work mechanism, but the block-lattice goes beyond blockchain to create an account chain for each user on the network.

SolarCoin

SolarCoin is a decentralized and global cryptocurrency that strives to be self-sustainable. This cryptocurrency aims to create 1 SolarCoin for every Megawatt hour generated from solar technology.

Stellar

Stellar offers a faster and cost-effective mode of transaction and is considered a strong alternative for transaction applications like PayPal. Stellar is environment-friendly and uses a consensus protocol, which may be even better than the proof-of-stake algorithm.

“Proof of Work” vs “Proof of Stake”

Within the Green Crypto alternatives, you hear Proof of Work and Proof of Stake mentioned. Most crypto networks are run as Proof of Work, even the greener currencies. Ethereum is currently operating on a proof-of-work blockchain that requires power and resource-hungry mining hardware similar to Bitcoin. Governments and environmentalists have targeted this in their latest attempts to crack down on crypto, which is why a switch to proof-of-stake couldn’t come at a better time for Ethereum. Instead of using energy-consuming graphic cards to crunch numbers to validate blocks, ETH holders stake their tokens in a smart contract to validate new blocks on the chain. This drops the network’s power demands significantly, keeping the environmental regulators at bay. If the minds behind Ethereum can lower power consumption by 99.95% with the introduction of the Proof of Stake (PoS) paradigm instead of Proof of Work (PoW) energy hog, I would feel more enticed to be a responsible buyer.

So why not just switch Bitcoin from Proof of Work, to Proof of Stake?

Several climate activist groups including Greenpeace and billionaire Chris Larsen have launched a Bitcoin campaign to do just this. “Change the Code, Not the Climate.”  It was estimated that by 2027 Bitcoin would consume as much power as Japan. Although these efforts will mostly be a combination of marketing and millions of dollars in pledging, it is unlikely that it will be enough to invoke change. Typically change involves a blockchain fork, or fundamental change in the code that drives the project. Some would favor a change for Bitcoin to become a greener blockchain, while others (most) would choose the original design. Millions of dollars have been spent on proof-of-work miners to verify the network and these would not be needed in a Proof of Stake design. Many believe proof-of-work and decentralization is more important than the impact on the power grids or environment.

What’s the future?

The future of cryptocurrency will be a currency that is efficient and green. Whether that means blockchain networks adapt the Proof of Stake design, or perhaps a global wind and solar panel network emerges. Green, renewable energy is clean with little-to-no environmental impact that contributes to global warming, the way fossil fuels, or nuclear energy adds to greenhouse gases. There is just too much demand for clean energy to keep the environment of blockchain operating as an energy hog. The future currency winners in this sector will be those that take this into account.

Spectrum is not recommending cryptocurrency to our clients or prospects. This blog is intended to give information to the “consumer” that may not be known. At Spectrum Financial, our goal remains to provide our investors with the best risk-adjusted returns possible that fits their individual suitability. We believe cryptocurrency remains a highly speculative investment, with many different layers that can affect a specific crypto coin or the whole crypto sector. This blog highlights just one factor that can affect price movements. Furthermore, this currency alternative is still highly unregulated. Our goal remains to understand the market, its sectors, and opportunities and proceed accordingly with risk-adjusted returns in mind, not to blindly expose our investors to speculative investments.

Page 1 of 4

Spectrum Financial, Inc 2023