Your search keyword '"Password policy"' showing total 12 results

1. Are passwords finally dying?

Author

Cath Everett

Subjects

Password, Password policy, Information Systems and Management, Computer Networks and Communications, business.industry, Internet privacy, Demise, Computer security, computer.software_genre, Popularity, Authentication (law), ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Lease, Key (cryptography), Business, Safety, Risk, Reliability and Quality, Speculation, computer

Abstract

People have been talking about the death of the password for years. In fact, Microsoft founder Bill Gates first declared its imminent extinction at the RSA Security Conference in 2004 as, he attested, it was simply unable to "meet the challenge" of keeping critical information secure.The seemingly endless security breaches of 2015 have once again led to a flurry of speculation over the imminent demise of the key offender, the password.Possible alternatives such as biometrics have proven too costly and complex to implement to take off in the corporate space. Moreover, it seems that passwords are being given a new lease of life by technology such as password vaults and by their inclusion in two-factor authentication solutions that are growing steadily in popularity, explains Cath Everett.

Published

2016

2. Password alternatives

Author

Steve Gold

Subjects

Password, Password policy, Authentication, Information Systems and Management, Cognitive password, Computer Networks and Communications, Computer science, business.industry, Network security, Internet privacy, Computer security, computer.software_genre, One-time password, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Safety, Risk, Reliability and Quality, business, Password psychology, computer

Abstract

In the previous issue of Network Security, we looked at some of the problems that conventional password technology faces in an IT world where rapid decryption processes have become the norm. Here we will look at some alternatives to passwords. But first, it's important to understand the structural problems that the Internet faces and why, even with the best authentication systems currently in place, online 'security' is inherently insecure.

Published

2010

3. Cracking passwords

Author

Steve Gold

Subjects

Password, Password policy, Information Systems and Management, Cognitive password, Computer Networks and Communications, Computer science, business.industry, Internet privacy, Password cracking, Service provider, Computer security, computer.software_genre, One-time password, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Mobile phone, Safety, Risk, Reliability and Quality, business, Password psychology, computer

Abstract

Passwords are all around us. We use them to authenticate ourselves to mobile phone and broadband service providers. We have to keep track of multiple passwords to access websites and online services. We may use them to secure our computers or individual files. The supposed strength of this security is the assumption that a password is something only we know. But are passwords adequate for today's security needs? How easy is it to crack them? And what are the technologies that threaten the password's usefulness? In this first instalment of a two-part feature, security journalist Steve Gold explores the current state of password- and password-cracking technology. Passwords are all around us. We use them to authenticate ourselves to mobile phone and broadband service providers. We have to keep track of multiple passwords to access websites and online services. We may use them to secure our computers or individual files. The supposed strength of this security is the assumption that a password is something only we know.

Published

2010

4. A review of L0phtCrack 6

Author

Bruce Potter

Subjects

Password, Zero-knowledge password proof, Password policy, Information Systems and Management, Cognitive password, Computer Networks and Communications, Computer science, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Safety, Risk, Reliability and Quality, computer, Password psychology

Abstract

The password security arms race has been a complex and interesting one. The idea of securely using passwords is simple enough; a user needs to prove his or her identity to the system, and a shared secret such as a password is generally easy to remember and easy to type, assuming you have access to a keyboard.

Published

2009

5. Password protection: the next generation

Author

Tom Rowan

Subjects

Password, Password policy, Information Systems and Management, Cognitive password, Computer Networks and Communications, business.industry, Computer science, Internet privacy, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Ask price, Password protection, Safety, Risk, Reliability and Quality, business, Password psychology, computer

Abstract

Since the dawn of computing, passwords and access codes have been used to protect access to computer systems. These passwords protect user accounts. Systems ask for a username and password before access is granted. As some user accounts have increased privileges on systems, the security of these accounts is often given more thought than normal user accounts. However, obtaining the password of even a lowly unprivileged account can be used to gain a toehold onto a system. This can provide a potential springboard to escalate privileges and gain administration access.

Published

2009

6. Replacing passwords: in search of the secret remedy

Author

Steven Furnell and Leith Zekri

Subjects

Password, Password policy, Zero-knowledge password proof, Information Systems and Management, Cognitive password, Computer Networks and Communications, Computer science, business.industry, Internet privacy, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Safety, Risk, Reliability and Quality, business, computer, Password psychology

Abstract

Let's face it, the password hasn't become the most common technique for authentication because of its successful track record. Ever since April 2004, when a test conducted for InfoSecurity Europe showed that more than 70% of London commuters were willing to disclose their password in return for a bar of chocolate, things have never looked quite the same. There's no doubt that the weaknesses of passwords point towards the need to improve user authentication processes in many systems. Persistent user problems remain including: the use of dictionary words or other guessable strings, writing them down, and having the same password on multiple systems. Another problem with passwords is that they are easily shared with other people - and evidence suggests that users are all too willing to betray their own secrets. But finding good alternatives to the password is no easy task. Though by far the most common technique for authentication is the password, its popularity is not necessarily attributable to its success as an authentication method. For example, almost 99% of home users rely heavily upon passwords as a means of authenticating their access to sensitive and personal resources^1, and other findings suggest that heavy IT users can have an average of 21 passwords^2 to remember. But - even after several years of familiarity with security requirements - it is often the users themselves who compromise password protection. Time to search for alternative secrets?

Published

2006

7. Authenticating ourselves: will we ever escape the password?

Author

Steven Furnell

Subjects

Password, Alternative methods, Authentication, Password policy, Information Systems and Management, Computer Networks and Communications, Computer science, business.industry, Internet privacy, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Identification (information), Safety, Risk, Reliability and Quality, business, computer

Abstract

Computer systems face continually evolving threats but one bugbear that just won't go away is the vulnerabilities that arise through using passwords for authentication. Passwords have haunted infosecurity professionals since before 1979 and yet they still appear without fail in the SANs list of critical vulnerabilities year after year. In fact Bill Gates is so aghast at passwords that he relegated them to history in his speech at the RSA conference in February. But despite Gate's wishes passwords are unlikely to disappear in the foreseeable future. In many cases a risk assessment may genuinely suggest that the adverse impacts of moving to alternative methods would outweigh those likely to result from password misuse. But it is also fair to say that the continued reliance on passwords could be due to the inertia of some organizations to introduce other methods. Passwords have long been a source of discontent as a means of identification. But they are still being used and the problems associated with them still continue unresolved.

Published

2005

8. The password that's overstayed its welcome

Author

Calum Macleod

Subjects

Password, Password policy, Information Systems and Management, Computer Networks and Communications, business.industry, Internet privacy, Audit, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Back door, Corporate network, Safety, Risk, Reliability and Quality, business, computer

Abstract

The vast majority of back-end applications have got pre-defined passwords that never change. Many IT auditors, CSOs, and IT security staff live daily with the fear of misuse of passwords which have lingered in the system long after they should have expired. It is highly likely that there is not a single business-critical application in your company that isn't wide open. Though so often overlooked - this 'back door' is left open in every corporate network today.

Published

2006

9. The fortress mentality — Part III: Tokens, one-time password devices and the Roman Army

Author

Padgett Peterson

Subjects

Password, Password policy, Information Systems and Management, Cognitive password, Computer Networks and Communications, business.industry, Computer science, Internet privacy, Password cracking, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, Safety, Risk, Reliability and Quality, business, computer, Password psychology

Abstract

In the next in this series we briefly consider the history of passwords. This article discovers what needs to be done in modern times to maintain secure access controls. Perhaps the one-time password is the answer for which the two most common types are time-synchronous device and challenge response. We also discuss whether the use of software rather than hardware for the OTP device degrades the protection involved since software can be copied. However, the user remains the weakest link in the security chain.

Published

1995

10. In search of the uncrackable Windows password

Author

Peter Wood

Subjects

Password, Password policy, Zero-knowledge password proof, Information Systems and Management, Computer Networks and Communications, Computer science, business.industry, Salt (cryptography), Internet privacy, Passphrase, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, Safety, Risk, Reliability and Quality, business, computer

Abstract

Confidence in password protection is ebbing, but an ethical hacker has a tip on how to restore secrecy, via the 'passphrase'.

Published

2006

11. Are passwords dead?

Author

Bruce Potter

Subjects

Password, Password policy, Authentication, Information Systems and Management, Cognitive password, Computer Networks and Communications, Computer science, business.industry, Internet privacy, Information security, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Wired Equivalent Privacy, Safety, Risk, Reliability and Quality, business, Password psychology, computer, Protection mechanism

Abstract

Over the last 30 years of information security, there has been one constant protection mechanism deployed on systems all over the world: passwords. Be it your four digit automatic teller machine PIN, your eight character Windows workstation password, or the WEP key protecting your wireless network, the idea of ''something you know'' has been the one factor of authentication everyone can live with. But have we reached a point where passwords are obsolete?

Published

2005

12. Simple social engineering

Author

Bill Hancock

Subjects

Password, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Password policy, Information Systems and Management, Computer Networks and Communications, Computer science, Social engineering (security), Safety, Risk, Reliability and Quality, Computer security, computer.software_genre, computer

Abstract

It is practically impossible to get very far these days in the system security arena without running into the need for a password to access a system. It might be for an in-house system or even for an online service, but we all need passwords and user IDs to get very far.

Published

1995