Authors: Maren Archibald
Mentors: Jared Colton
Insitution: Utah State University
Two-factor authentication was in use as early as 1994 with a patent belonging to telecommunications company Ericsson, which described the tech as “an authentication unit which is separate from preexisting systems." Today, multifactor authentication (MFA) requires a user to prove their identity by way of their knowledge, through a password or one-time code; their possession, through a physical key; or their inherence, through biometrics like a fingerprint or an eye scan. The secure sign-in method has proliferated in recent years, but while significant time has been dedicated to refining it, little if any research has been done in relation to its ethical implications. In his scholarship on discipline, Michel Foucault writes of “examination that places individuals in a field of surveillance.” MFA is one such method of surveillance — various forms track users’ location data, common usage and login hours, and biometric information. In my presentation, I will apply Foucauldian ethics to show how MFA is uniquely situated among other forms of societal documentation because of its purpose. The very data that depersonalizes users into numbers is also meant to be so precise and personal that it is the only way to believe users are who they say they are. And beyond MFA’s treatment of individual users looms the widespread collapse of a distinction between privacy and security. These values are not incompatible, but organizations have implemented MFA in a way that requires users to sacrifice privacy in order to gain security. My research will show how MFA aggrandizes the power differential between users and tech giants and threatens the ability to simultaneously maintain privacy and digital identity.