Idea ID: 2871399

Ability to Enroll a 'Bad Actor Password'

Status: New Idea

I believe that one of the largest risks facing organizations, when it comes to cyber security breaches, is the people themselves who have access to physical on-site equipment/workstations/the internal network (whether that be internal employees who have bad intent or may be working as a mole for an external organization, OR perhaps 3rd-party janitorial/custodial services, catering/event staff, etc.).

In fact, a "2018 Insider Threat Report asserted that 90% of organizations are likely to be attacked or exposed to attacks through an insider, and more than 50% experienced an attack through an insider. Furthermore, about 44% of top companies are exposed to potential threats as a result of exposure of passwords on the internet by their employees or theft of login details." (source: https://www.enzoic.com/employee-cybersecurity-weak-link/)

Since 'Internal Network activity' and 'Trusted Devices' already registered to the network are less likely to raise any red flags during random security audits, I believe it would be beneficial to allow employees the ability to enroll a 'Bad Actor Password' (a similar concept to the 'Duress Fingerprint' which was introduced with Advanced Authentication 6.2.0.0? https://www.netiq.com/documentation/advanced-authentication-62/advanced-authentication-releasenotes-62/data/advanced-authentication-releasenotes-62.html#t48nowqjezwk), which might be left on a sticky note attached to one's monitor or inside of an unlocked desk drawer, etc.

If used, this authentication attempt would create a sub-routine that could either do nothing (other than send an alert to someone inside the company) OR could make it look like one had successfully authenticated to a 'fake network'/access point, with which they would not be able to do anything malicious but which would have alerted someone within the organization that there was a deliberate and intentional attempt to use compromised credentials. At that point, the attempt could be traced back to the individual responsible and they could be dealt with accordingly. Because, at the end of the day, it's important to know who you can trust...

Labels:

AAF
user administration
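
A sketch of the decoy-password flow the idea describes, added here as an illustration; it is not Advanced Authentication code, and the names (`enroll`, `authenticate`, the `sandbox` flag, the alert fields) and all sample values are assumptions. It covers both outcomes from the post: an alert with an ordinary-looking failure, or an alert with an isolated session.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(user: str, real_pw: str, decoy_pw: str) -> dict:
    """Store salted hashes of the real and the decoy password."""
    if real_pw == decoy_pw:
        raise ValueError("decoy password must differ from the real one")
    salt = os.urandom(16)
    return {"user": user, "salt": salt,
            "real": _derive(real_pw, salt), "decoy": _derive(decoy_pw, salt)}


def authenticate(account: dict, password: str, source: str,
                 alerts: list, sandbox: bool = False) -> str:
    """Return 'granted', 'denied' or 'sandbox'; record an alert on decoy use."""
    candidate = _derive(password, account["salt"])
    # Always run both constant-time comparisons so response time does not
    # reveal whether the decoy or the real hash was the one that matched.
    is_real = hmac.compare_digest(candidate, account["real"])
    is_decoy = hmac.compare_digest(candidate, account["decoy"])
    if is_decoy:
        alerts.append({"event": "decoy_password_used", "user": account["user"],
                       "source": source, "time": time.time()})
        # Option 1: look like an ordinary failure. Option 2: hand back an
        # isolated session that has no access to real resources.
        return "sandbox" if sandbox else "denied"
    return "granted" if is_real else "denied"


if __name__ == "__main__":
    # Constructed sample data; 192.0.2.10 is a documentation-only address.
    alerts = []
    acct = enroll("jdoe", "correct horse battery", "Summer2018!")
    print(authenticate(acct, "Summer2018!", "192.0.2.10", alerts, sandbox=True))
    print(alerts)
```

The alert list stands in for whatever notification channel the organization uses; the decoy hash is stored alongside the real one so both are checked on every attempt.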