CompStar Technologies



 

Password Proliferation: a Perplexing Problem

Mishawaka, IN. One of the side effects of greatly increased web commerce and information distribution is a proliferation of passwords.  Every web site has its own user name and password scheme that is required to place orders, access status information, etc.

Keeping track of all the passwords becomes a problem and a security threat.  Many users deal with the password problem by reusing the same user name and password over and over at different sites, significantly reducing the security of all the sites so affected.  Others tell their computer to "remember" the password, creating another kind of risk if their computer is left unattended.  Other popular workarounds include handwritten lists near the computer, not to mention the ever-popular Post-It™ notes stuck to the user's monitor.

While most web sites pose no great financial risk, even if misused, in some cases an organization can have serious exposure from sloppy site access control.  For example, if a company routinely places large online orders, an unauthorized user might be able to place additional orders for high-value goods, perhaps for shipment to a different location. Weeks might pass before the unauthorized orders were identified as such.  At other sites, confidential data could be exposed, creating a different kind of risk.  With greater accessibility of online banking functions, some firms can now initiate wire transfers or ACH deposits from a PC - certainly a convenience, but also a significant risk should an unauthorized user initiate funds transfers.

Software. A variety of solutions are both available and under development.  Various software can be used to "remember" passwords, with varying levels of security.  Gator is one such program aimed at consumers; unfortunately, it is also considered to be "spyware" by web experts since it can report browsing habits back to its originating site and also places ads over the "real" content of web pages.

Perhaps the most ambitious solution is Microsoft Passport.  Passport is designed to simplify the login process for sites that adopt it by logging in the Passport user automatically.  To date, however, privacy and control issues have prevented widespread adoption of Passport.

Emmasoft makes a software product called Darn! Passwords!, another password storage system that lets the user drag passwords into the appropriate location on the web page.

Hardware Solutions. Any solution that stores passwords on the user's computer is considered risky.  Hence, some users have found storing user and password information on a handheld organizer like a Palm Pilot to be a good solution.  These devices allow their stored data to be password protected to keep casual browsers out, and also have backup routines that help protect against data loss.

One intriguing specialty product for password protection is the EBP from Mandylion Laboratories. This device, which looks rather like an automobile remote access key fob, incorporates various security features to make unauthorized password access difficult.  First, the very design of the product is geared to making it something that the owner always keeps on his or her person, and is unlikely to leave lying on a desk or let someone else use (as might happen with a handheld organizer).

In addition, the EBP requires the user to log in.  It will report tampering (entry of incorrect password) and will even go into a timed lockout if too many attempts occur. James Bond types will appreciate its self-destruct feature, which can be used in very high-risk settings.  It can store up to 20 passwords, which may be a bit low considering how many passwords users have to deal with today; on the other hand, few users have to deal with that many important, high-risk passwords.

As widely recognized as the password proliferation problem is, it is likely that we'll see numerous solutions to the problem emerge in the coming months.  In the meantime, companies should review their exposure in this area.  Purchasing, finance, and human resource areas in particular may present higher levels of risk.  User practices for password assignment and management should be scrutinized to ensure that unauthorized access is unlikely.  (And remember, sticky notes are NOT an acceptable solution!)

Useful Resources:

  MandyLion Laboratories, maker of the EBP

  Microsoft Passport Information

  Emmasoft, maker of Darn! Passwords!

  Gator - Unethical Practices Disclosed at Scumware.com


CompStar Technologies is a leading Indiana-based provider of networking, technology, and communications services. With offices in Mishawaka (serving South Bend, Elkhart, Warsaw, Michigan City, Fort Wayne, Niles, St. Joseph, and Benton Harbor, Michigan) and Indianapolis, CompStar provides network design / support, network security, wireless networking, business telephone systems, VoIP (voice over IP), and cctv / video surveillance systems. CompStar is the Technology Division of Direct Line Communications, headquartered in Mishawaka, Indiana.

 

    


   © 1999 - 2006 CompStar Technologies, All Rights Reserved.