
Monday, February 22, 2010

Authentic authentication!

Wikipedia describes authentication as "the act of establishing or confirming something (or someone) is authentic, that is, that claims made by or about the subject are true." In cyber security, authentication is a process built on three factors: 1. something you know (password, PIN, etc.), 2. something you have (security token, ID card, etc.) and/or 3. something you are (fingerprint, retinal pattern or DNA sequence). A typical logon contains both identification (the user ID, which asserts who you claim to be) and authentication (proof of that claim, as discussed above).

So, with all of these security measures in place to identify and authenticate users, why are there so many successful cyber attacks? How is it that a cyber criminal can both identify and authenticate as someone they aren't? If authentication is the act of confirming something to be authentic, it seems to me that we either have no current technology that is actually a true measure of authenticity, or we aren't using what we have correctly. Once a cyber criminal has exploited a vulnerability and installed malware containing a bot or keylogger, it is only a matter of time before they harvest much of the user's identification and authentication information. It seems to me that passwords and PINs are no longer valid forms of authentication on their own, and I am perplexed that most financial institutions still rely on them. Two-factor authentication such as a security token adds a layer of assurance, but even that isn't foolproof: a one-time code captured on a compromised endpoint can still be relayed by the attacker within the short window in which it remains valid.
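To make the two paragraphs above concrete, here is an added example (not code from the original post) of a logon check that combines identification, a "something you know" factor and a "something you have" factor, followed by the keylogger scenario just described. The password is stored as a PBKDF2 hash, the token is a standard RFC 6238 TOTP computed with HMAC-SHA1, and the account name, password, shared secret and timestamps are all constructed for illustration. The scenario shows why a stolen password is replayable indefinitely, why a stolen one-time code is not, and why it still works for an attacker who relays it within the same 30-second step.

```python
# Added example, not from the original post. All values below are constructed.
import hashlib
import hmac
import os
import struct

TIME_STEP = 30      # RFC 6238 default time step, in seconds
OTP_DIGITS = 6
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Factor 1, something you know: salted PBKDF2-HMAC-SHA256 of the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def totp(secret, unix_time):
    """Factor 2, something you have: RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits)."""
    counter = unix_time // TIME_STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


class Account:
    def __init__(self, username, password, totp_secret):
        self.username = username                 # identification: who the user claims to be
        self.salt, self.pw_hash = hash_password(password)
        self.totp_secret = totp_secret
        self.last_counter = -1                   # last time step accepted, to refuse replay


def verify_logon(account, username, password, otp, now):
    """Identification plus both factors; every comparison is constant-time."""
    if username != account.username:
        return False
    _, digest = hash_password(password, account.salt)
    if not hmac.compare_digest(digest, account.pw_hash):
        return False
    counter = now // TIME_STEP
    if counter <= account.last_counter:
        return False                             # this step was already consumed: replay
    if not hmac.compare_digest(totp(account.totp_secret, now), otp):
        return False
    account.last_counter = counter
    return True


def keylogger_scenario(now=1_600_000_000):
    """A keylogger on the endpoint records user id, password and the OTP typed at `now`."""
    secret = b"12345678901234567890"             # constructed shared secret (RFC 6238 test key)
    acct = Account("alice", "hunter2", secret)   # constructed account
    captured = ("alice", "hunter2", totp(secret, now))

    # Attacker relays the capture within the same step, before the user's own request lands.
    relayed = verify_logon(acct, *captured, now=now + 5)
    # The user's own logon with the same code now fails: that step has been consumed.
    user_after_relay = verify_logon(acct, *captured, now=now + 10)
    # The same capture replayed two steps later fails: the code has moved on.
    stale = verify_logon(acct, *captured, now=now + 60)
    # The captured password, on its own, verifies for as long as it is not changed.
    password_still_valid = hmac.compare_digest(
        hash_password("hunter2", acct.salt)[1], acct.pw_hash)

    return {
        "relayed": relayed,
        "user_after_relay": user_after_relay,
        "stale": stale,
        "password_still_valid": password_still_valid,
    }


if __name__ == "__main__":
    for name, outcome in keylogger_scenario().items():
        print(f"{name}: {outcome}")
```

The `totp` function can be checked against the RFC 6238 test vector (secret `12345678901234567890`, time 59, SHA-1 gives 94287082, so the six-digit code is 287082). The scenario's outcomes are the point of the paragraph above: the token shrinks the attacker's window from "until the password is changed" to one time step and one use, but it does nothing against an attacker who is already on the endpoint and relays in real time.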

What concerns me about authentication is that there is really only one solution, and it will no doubt require serious ideological debate. To establish 'authentic authentication', the only answer is DNA linkage to the identity of the user: genetic validation. Reaching that level of authentication will require serious progress in linking technology to the human genetic fingerprint. Something to think about...
