The Password Is: Liability - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
2/25/2004
02:55 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

The Password Is: Liability

A new report says passwords are the weakest link in business IT; a Microsoft-RSA partnership aims to offer help.

Passwords are the weakest link in enterprise IT. That's the message in a new report citing the security risks faced by business travelers, as well as from RSA Security Inc. and Microsoft as they unveiled RSA SecurID tokens to simplify and secure Windows logins.

In a report for network-security company Secure Computing Corp., security consultant Rodney Thayer found that business travelers run a risk of compromising their company networks when they use public Internet access points.

"There really is a risk. There are a lot of opportunities for people to gain your password," Thayer says in the report, "Remote Insecurity: How Business Travelers Risk Exposing Their Companies When Remotely Accessing Company Networks."

At an airport Internet kiosk, for example, he suggests that an attacker could install a keyboard sniffer to capture all keystrokes entered in a hidden file. Such programs are freely available over the Internet and can be easily downloaded and installed.

Thayer also tested the security at a coffee shop with commercial wireless Internet access. He says that by using available software, an attacker could capture password data, use a keyboard sniffer to capture keystrokes, or simply "shoulder surf"--watch as a user enters his or her password.

While Thayer cannot attribute specific security breaches to such tactics, he says he's aware of numerous incidents that can't be explained by anything but stolen passwords. "This isn't a risk that can be ignored," he says.

With password resets comprising 40% of help-desk calls, according to RSA, a move toward something more secure and less costly for companies starts making sense. Users frustrated with monthly password changes probably won't object.

The RSA SecureID tokens add an extra step for security: Instead of typing in only a password, users of the tokens also must enter a random number that appears on their so-called SecureID, a key-chain fob or plastic card they carry with them. The number changes every minute, generated by an algorithm that also resides on a server inside a company's computing center.

The tokens, which stem from an Microsoft-RSA agreement disclosed Tuesday at RSA's annual security conference in San Francisco, would protect Windows-based computers with the token scheme, whether they're portable or attached to a company network.

"Despite highly publicized corporate security breaches caused by individuals who have circumvented password systems," RSA Security president and CEO Art Coviello said in a statement, "many companies still rely on them for user access to desktops and the network domain."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
News
Achieving Techquilibrium: Get the Right Digital Balance
Jessica Davis, Senior Editor, Enterprise Apps,  10/22/2019
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll