Some of us authenticate ourselves to unlock our smartphones. Others authenticate to access confidential corporate information. A few authenticate to wield the power to annihilate the world.
The football and the biscuit
In the United States, the President (Commander-in-Chief) has a “biscuit.”
“The nuclear biscuit is a card with authentication codes that acts as the President’s personal key to unlocking America’s nuclear arsenal.
“The biscuit acts a lot like a two-factor authentication device or app. Its codes are updated regularly, and it works in connection with the nuclear football to verify the President’s identity. Without the biscuit, the President can’t order a nuclear strike, even if they have the football itself.”
Factors of authentication
Here are the three authentication factors that the biscuit reportedly uses.
“Something you have is quite an obvious one, you needed to have the actual Biscuit and the codes within.
“Something you know is when you opened the Biscuit. It had many codes printed on the cards and all were false apart from one. The President would have been told the position of the real code when he first took office. He would also be told each time the Biscuit was changed.
“For something you are, the phone line the President would need to contact has no number. It can only be contacted via a secure military phone. This phone would be handed to the President by one of his security team who would obviously not hand this phone to anyone but the President.”
Now you can argue that the phone line is not a TRUE something you are factor. A devious security team member could hand the phone to someone who SOUNDS like the President.
And there’s another complication.
Passing the football
Let’s say that a President is away from Washington. Say, at a school in Florida.
And all of a sudden attacks are launched in multiple U.S. cities.
What if an attack were launched in Florida, incapacitating the President, either temporarily of permanently?
In such an attack, the country and the world cannot afford to wait for hours for the football to be flown to wherever Richard Cheney is.
The solution? Two footballs (at least).
“Believing that the vice president should be a partner in national security policymaking, President Jimmy Carter assigned a football to Vice President Walter Mondale and this became the practice for future U.S. administrations.”
Outside the U.S. Russia has a similar system called the “Cheget,” and other nuclear countries presumably have similar procedures to authenticate the persons or persons authorized to launch nuclear weapons.
Your football and biscuit
If you are an identity vendor or customer, you may have your own authentication and authorization procedures. While a breach of your procedures won’t result in the annihilation of civilization, it could create its own damage.
Do you need help describing the security of your identity solution?
Bredemarket 