The Seven Young Goats and multifactor authentication

September 20, 2019

Our ancestors may not have had computers, but they certainly knew a thing or two about keeping children safe. We’ve already used Little Red Riding Hood as a guide to explaining Man-in-the-Middle attacks, handshakes, and phishing. Now let’s talk about two-factor authentication (2FA) and biometric security. This time, we’ll use a somewhat less-known fairy tale called The Wolf and the Seven Young Goats.

We analyze the fairy tale The Wolf and the Seven Young Goats in terms of cybersecurity

The Wolf and the Seven Young Goats

The concept of authentication is clearly illustrated in the fairy tale The Wolf and the Seven Young Goats. For those unfamiliar with the tale, it involves a family of goats consisting of a mother and seven youngsters. When the mother leaves to get food, she tells her children not to let in the wolf (who will eat them) and teaches them to recognize the differences in their voices and fur color. She leaves and the wolf knocks on their door. Learning from the children that his voice is too low, he alters it to trick them into thinking he’s their mother. The young goats remember, then, to look under the door and see the wolf’s dark, furry feet. Again, they refuse him entry. The wolf then disguises his feet, dusting them with flour to make them look white, like the mother goat’s. Ultimately, the young goats are convinced (and eaten). This video recounts the whole tale:

Now, cybercriminals don’t tend to eat their victims, so we’re interested in the first part, where the wolf is trying to get into the goats’ house. Let’s take a step-by-step look at what’s really going on here.

  1. The mother goat goes into the forest after warning her kids not to open the door to strangers.
  2. The wolf approaches the house, says he is the mother goat, and asks to be let in. The young goats immediately notice the wolf doesn’t sound like their mother, and so they don’t open the door.

This is a demonstration of biometric authentication. Even though the wolf learned the right things to say (the passphrase), knowing the correct words is not enough. In this case, to enter the goats’ house, the beastly “user” needs to pass speaker verification. That’s the second factor.

  1. The wolf alters his voice to sound softer (the methods he uses vary depending on the storyteller). Having done that, he successfully passes the speaker verification check. But the young goats again refuse him entry, because they see a gray wolf’s paw under the door.

In other words, to get into the house, knowing the password is not enough, and even passing the voice check won’t do the trick. It’s also necessary to have the right fingerprint paw. This is essentially another biometric factor. Even if someone manages to mimic the voice of the house owner, only a user with an additional differentiating feature is allowed to enter.

  1. The wolf disguises his paws using flour and again tries to gain access — and this time, he succeeds.

This is a good example of a hacker trick for bypassing multifactor authentication. Here, the voice and paw biometric data are faked. Such scenarios are quite real and are used by scammers in the real world. This fairy tale not only helps explain to children what multifactor authentication is, but also shows that biometric security is in fact not as reliable as it might seem.

Cybersecurity tales for kids

As you can see, fairy tales can make an excellent cybersecurity guide for your child. Just draw the correct analogy, and wordy explanations or blanket bans won’t be needed. We’re quite sure that Little Red Riding Hood and The Wolf and the Seven Young Goats are by no means the only fairy tales from which vital lessons about malicious tricks and ways to defend yourself in the digital world can be extracted. And while we’re at it, take a closer look at your child’s favorite cartoons — maybe those are secretly (if not openly) about cybersecurity, too?