Halt – who really goes there?


Google's VP of security Eric Grosse and engineer Mayank Upadhyay dream of a world without passwords - funny what nerds dream about.

Their vision revolves around using an authenticator device – their initial version is a tiny USB card key (pictured) running, of course, a version of Google Chrome, but they say the technology can be used on most computing devices (unless, like iOS, you don’t have a USB port). Great idea, but security “dongles” have been around for a long time (initially used to prevent software theft) and users universally despise them, especially when lost.

This opens up a whole raft of issues about internet security. First, if this USB system became too ubiquitous we would have muggers asking you to “hand over your wallet and your dongle” – in fact they may not even bother with the wallet as few carry lots of cash any more.

Sure, passwords are inherently flawed – simply because users tend to adopt word/letter/symbol combinations they can remember (dog, birthday etc.) and then they tend to use them for everything online. Bad policy – variety gives identity thieves a challenge!

A typical password can be cracked not only by lucky guesses but by brute force, stolen with a key logger (spyware), or reset completely by convincing a customer support department that the caller is really you (knowing your mother’s maiden name or date of birth is all too easy).

See Wikipedia if you want to know more. One scary statistic - an 8 character (mix of alpha, numeric, symbols and case i.e. 32 bit strength) password takes 16 minutes to brute force crack – even less at the movies…

Biometrics (fingerprint, iris/retina, facial recognition) showed promise until Hollywood directors decided that it was cool for the bad guys to cut off a finger or gouge out an eye. Behavioural biometrics (typing rhythm or voice timbre) also show promise, giving Hollywood directors and Mythbusters the next challenge to crack.

For a password system to work it needs to be a universal standard (and Google et al. need to collaborate and show leadership), easy to use (no inserting a dongle anywhere), difficult to forge or steal under duress and easily upgraded when the crooks work out how to circumvent it.

I think the answer lies in some form of personal near field communication – perhaps a chip embedded in your body with some tamper proof failsafe in case of abduction or death – but that’s getting a little morbid and public rights advocates would decry a universal identifier as an extreme breach of human rights.

For now, strong, robust, totally random passwords from password generator/manager software are the order of the day. Make sure all online accounts have different passwords, especially those that let you log into one account and access others. Don’t use your email name as a login name if you can avoid it.
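The advice above, sketched as an added example that is not part of the original article: each password is drawn from the operating system's secure random source, and a small audit finds accounts that share a password and gives them fresh ones. The function names and the sample vault are hypothetical and constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# 94 printable ASCII characters: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def find_reuse(vault):
    """Return sorted groups of account names that share one password."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    # Only account names are returned, so the report never echoes a password.
    return sorted(sorted(a) for a in by_password.values() if len(a) > 1)


def rotate_reused(vault, length=20):
    """Copy the vault, giving every account in a reuse group a fresh password."""
    fixed = dict(vault)
    for group in find_reuse(vault):
        for account in group:
            fixed[account] = generate_password(length)
    return fixed


# Constructed sample vault (hypothetical data): account name -> password.
SAMPLE_VAULT = {
    "webmail": "Rex1980",
    "bank": "Rex1980",
    "forum": "Rex1980",
    "shop": "k#9Vw!q2Lz@e7Tp$Xc4B",
}

if __name__ == "__main__":
    print("shared password:", find_reuse(SAMPLE_VAULT))
    print(round(entropy_bits(20), 1), "bits in a 20-character random password")
    print("after rotation:", find_reuse(rotate_reused(SAMPLE_VAULT)))
```

The entropy figure applies only to passwords generated this way; it says nothing about passwords a person chose.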

Password manager (software)

Without recommending any of the following software-based password managers, here are a few you may want to consider.

Norton Identity Safe (free for Mac and PC). It has apps for iOS and Android (not Windows 8 RT/Phone yet). Norton has a trusted name in security.

RoboForm has been around for a long time and covers most platforms. This is paid software but covers a very wide range of platforms.

KeePass 2.x is open source freeware that is portable and can be run from a USB stick or installed. It supports Windows, Mac, iOS, Android, Blackberry and Windows Phone. Open source should be encouraged and it seems to get high user poll ratings, so try it.

Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!