Thursday, May 23, 2002

The real problem with password security.

Read this article in CNET and you'll stop complaining when your IT department forces you to use strong passwords and change them frequently. Calling passwords "the weakest link" in enterprise security, the article shows how easy it is for a hacker to crack a significant percentage of user passwords in large organizations. As more industries, such as health care, move to electronic records and electronic signatures, companies will not be able to rely on passwords as the sole means of authentication. The answer? The article points to strong password policies enforced by automated security management tools, plus double or even triple authentication schemes that combine passwords, digital tokens or smart cards, and biometrics. However, physical tokens and smart cards can be expensive to implement on a wide scale, and as we pointed out earlier (May 16th entry), biometrics are not always foolproof. So our advice would be to design the technical solution based on the risk, and to implement tools that monitor for potential breaches in addition to measures that prevent them.
