
White paper on secure authentication says passwords are not enough

Network Box : 03 September, 2009  (Technical Article)
The "Authentication, who are you?" white paper from Network Box illustrates why password authentication on web-based services is no longer enough to provide adequate protection.
Using passwords to access online information is not secure enough, according to a new white paper from managed security company Network Box. "Authentication, who are you?", written by Network Box's Internet Security Analyst, Simon Heron, argues that web-based services - particularly those that hold financial information - must increase security in order to protect their customers effectively.

Heron warns that identity fraud is increasing - particularly card-not-present (CNP) fraud - and yet secure access to the ever-growing number of web-based applications relies (for the most part) on the same techniques used since the beginning of IT security: user names and passwords. While a number of banks use multi-factor authentication in the form of card-sized number generators (a system that Heron argues is not sustainable, on the basis that consumers would balk at carrying around the number of devices required to authenticate access to all their online accounts), most businesses still rely on user name / password combinations.

The problem is that consumers simply have too many passwords to remember, and so either use passwords that are simple to remember (and so easy to 'break'), write them down, or rely on resetting them, using the 'forgotten your password' function on a website (which is often in itself insecure). Even the 'Verified by Visa' system is not secure, says Heron: "The 'Verified by Visa' system is a basic two-factor authentication system, but if you forget your password, often all you need in addition to the credit card is your date of birth to reset the password - which is less secure than most single password systems."

The paper also examines the pros and cons of an 'Identity 2.0' approach to online security: creating a single, secure identity that is recognised by a number of online entities with which a user interacts (such as OpenID), and that could be authenticated in a number of ways. These systems are also not without their problems - privacy being a prime concern.

Heron says: "All companies involved in secure transactions must start working together to provide uniformity in their approach to security. This is becoming a major issue for consumers. If customers are to interact online and divulge confidential information, the company with which they're doing business has a duty to secure that information."
   © 2012 ProSecurityZone.com