Halt – who really goes there?

Google's VP of security Eric Grosse and engineer Mayank Upadhyay dream of a world without passwords - funny what nerds dream about.

Their vision revolves around using an authenticator device – their initial version is a tiny USB card key (pictured) running, of course, a version of Google Chrome, but they say the technology can be used on most computing devices (unless, like iOS, you don’t have a USB port). Great idea, but security “dongles” have been around for a long time (initially used to prevent software theft) and users universally despise them, especially when lost.

This opens up a whole raft of issues about internet security. First, if this USB system became too ubiquitous we would have muggers asking you to “hand over your wallet and your dongle” – in fact they may not even bother with the wallet, as few carry lots of cash any more.

Sure, passwords are inherently flawed – simply because users tend to adopt word/letter/symbol combinations they can remember (dog, birthday etc.) and then they tend to use them for everything online. Bad policy – variety gives identity thieves a challenge!

A typical password can be cracked not only by lucky guesses but by brute force, stolen with a key logger (spyware), or reset completely by convincing a customer support department that the caller is really you (knowing your mother’s maiden name or date of birth is all too easy).

See Wikipedia if you want to know more. One scary statistic - an 8 character (mix of alpha, numeric, symbols and case i.e. 32 bit strength) password takes 16 minutes to brute force crack – even less at the movies…

Biometrics (fingerprint, iris/retina, facial recognition) showed promise until Hollywood directors decided that it was cool for the bad guys to cut off a finger or gouge out an eye. Behavioural biometrics (typing rhythm or voice timbre) also show promise, giving Hollywood directors and Mythbusters the next challenge to crack.

For a password system to work it needs to be a universal standard (and Google et al. need to collaborate and show leadership), easy to use (no inserting a dongle anywhere), difficult to forge or steal under duress and easily upgraded when the crooks work out how to circumvent it.

I think the answer lies in some form of personal near field communication – perhaps a chip embedded in your body with some tamper proof failsafe in case of abduction or death – but that’s getting a little morbid and public rights advocates would decry a universal identifier as an extreme breach of human rights.

For now, strong, robust, totally random passwords from password generator/manager software are the order of the day. Make sure all online accounts have different passwords, especially those that let you log into one account and access others. Don’t use your email name as a login name if you can avoid it.
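What "totally random" and "different passwords" for every account look like in practice, as an added example that is not from the article or from any product it names. The function names are illustrative, and the guess rate is an assumption derived from the article's own figure of a 32-bit password falling in 16 minutes.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: 26 + 26 + 10 + 32 = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Guess rate implied by the article's figure (2**32 guesses in 16 minutes).
# An assumption for comparison only; real attack rates vary widely.
ARTICLE_RATE = 2**32 / (16 * 60)


def generate_password(length=20):
    """Return `length` symbols drawn uniformly from ALPHABET via the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second=ARTICLE_RATE):
    """Worst-case time to try every candidate of the given strength, in years."""
    return 2**bits / guesses_per_second / (365 * 24 * 3600)


def passwords_for(accounts, length=20):
    """One independent password per account, so one breach exposes one login."""
    vault = {name: generate_password(length) for name in accounts}
    # Independent draws colliding is astronomically unlikely; check anyway.
    if len(set(vault.values())) != len(vault):
        raise RuntimeError("duplicate password generated")
    return vault


if __name__ == "__main__":
    # Constructed account names, for illustration only.
    vault = passwords_for(["email", "bank", "forum"])
    for name, pw in vault.items():
        print(f"{name:6} {pw}")
    print(f"32 bits: {years_to_exhaust(32) * 365 * 24 * 60:.0f} minutes")
    bits = entropy_bits(20)
    print(f"20 random symbols: {bits:.0f} bits, {years_to_exhaust(bits):.2e} years")
```

The entropy figure only holds because every symbol is chosen by `secrets`; a password a person invents, or one built with the non-cryptographic `random` module, does not earn it.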

Password manager (software)

Without recommending any of the following software-based password managers, here are a few you may want to consider.

Norton Identity Safe (free for Mac and PC). It has apps for iOS and Android (not Windows 8 RT/Phone yet). Norton has a trusted name in security.

RoboForm has been around for a long time and covers most platforms. This is paid software but covers a very wide range of platforms.

KeePass 2.x is open source freeware that is portable and can be run from a USB stick or installed. It supports Windows, Mac, iOS, Android, Blackberry and Windows Phone. Open source should be encouraged and it seems to get high user poll ratings, so try it.


Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
