
Greater Case for 2FA As Password Complexity Requirements Increase

SecurEnvoy : 21 May, 2012  (Technical Article)
SecurEnvoy comments on the failure of password protection as security policies start to break down and inundate users with increased complexity, a burden that is absent with two-factor authentication.
Commenting on reports that a security developer has concluded that password-creation policies are the enemy of secure passwords, SecurEnvoy says that the fundamental issue is that conventional ID/password security is now coming to the end of the line as far as security is concerned.

The reasons for this, says Steve Watts, co-founder of the tokenless two-factor authentication (2FA) specialist, are actually more complex than Cameron Morris, the security developer, notes.

"This isn't to say that Cameron is wrong - far from it - it's just that the reasons why passwords are coming to the end of the line in today's online environment are multi-faceted, with company password policies being only one issue of concern," he said.

"One of the other major issues we have observed is that people have great difficulty remembering more complex passwords than the six or eight alphabetic strings that most Internet users rely on. Because of this, they fall back on an eight digit passphrase that is usually a family member’s name or place of birth, and which - unfortunately - are all too easy to hack using brute force password attacks," he added.

The problem with corporate password policies, the SecurEnvoy co-founder went on to say, is that they often force users to create complex passwords with a mixture of letters and numbers, with at least one of the letters being upper case.

The nett result of this, he says, is that users end up with a relatively complex passphrase that is difficult to remember, which often results in the employee storing the passphrase on their mobile phone as an 'aide-memoire' or, perhaps worse, writing it on a yellow sticky note which is then placed on their desktop monitor.

This, he adds, is the real issue that Cameron has picked up on: making passwords too complex means that the average user takes an easy option to help them remember it when they want to log on.

Watts explained that it is this experience that has pushed many organisations to go down the hardware authentication token path, forcing employees to tote the hardware token with them - perhaps on their key ring or in their purse.

A far easier option, he notes, is to go down the tokenless 2FA security route, using an employee's mobile phone as the medium for authentication. As well as being more convenient for staff than toting around a hardware token, tokenless 2FA can also be completely reconfigured by the IT helpdesk in real time, rather than having to wait for a member of staff to be sent a new hardware token.

"We welcome news that Cameron Morris has identified a shortcoming of password policies that focus only on passphrase composition, rather than actual strength. The Passfault software - which he has developed - highlights how easy it is to crack a typical password. Tokenless 2FA is, in our opinion, a far better option in terms of security and flexibility," he added.
   © 2012 ProSecurityZone.com