The feeling of greater security tempts us to be more reckless

Reader's comment on the topic of enterprise password management Security: Identity Management Alert NetworkWorld.com | Security Research Center | Update Your Profile Sponsored by CDW Threat Control & Containment A proactive approach can lead to more mobile network security plus peace of mind. In this timely whitepaper read how a security solution can be specifically geared to the mobile components of your network. Learn More! Spotlight Story The feeling of greater security tempts us to be more reckless By Dave Kearns The recent newsletter - rant, really - about the National Institute of Standards and Technology (NIST) white paper on enterprise password management ('Managing' passwords doesn't make them less unsafe) elicited a number of comments, some not very complimentary. Read full story Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management. Related News: 'Managing' passwords doesn't make them less unsafe In his newsletter last week my colleague M.E. Kabay points us to a draft release of a new paper from the National Institute of Standards and Technology (NIST) called the "Guide to enterprise password management." Maybe next they'll draft guidelines for the proper use of buggy whips! Locking out users gives attackers a tool for denial of service When I was a lad (OK, when I was a young systems engineer of 30 - which is 30 years ago), I was taught that if a user made several mistakes in entering her password, the system should lock her account until a system operator granted access again. The goal was to stop an attacker from guessing at a user’s password without limit. Guide to enterprise password management drafted I hate passwords. I think passwords are a dreadful way of authenticating identity: they cost a lot, they change too often (and so users write them down), the rules for preventing dictionary and brute-force attacks are ... Using smart cards vs. passwords for identification A recent Datamonitor survey showed that 62% of enterprises have experienced problems relating to passwords being shared, borrowed or stolen from within their organizations. The survey of 200 enterprises also found that only 21% of the respondents are confident that passwords will provide sufficient user authentication for their businesses over the next five years. Yet most of us are still using passwords. Isn't there a better way? Single sign-on plus self-service password reset result in greater benefits At last week's Converge07 conference for Courion customers and friends I had the pleasure of sitting on a panel (well, I WAS the panel) for Courion VP of Services Nelson Ronkin's presentation about integrating ... Validation, authorization: The next steps to identity management As someone pointed out to me last week, we're still spending an inordinate amount of time talking about authentication, and still trying to find a way to obviate the need for users to either memorize or write down lists ... May Giveaways Cisco Subnet, Microsoft Subnet and Google Subnet are collectively giving away books on Google Apps Deciphered, the CCNA Security exam, an awesome SQL Server 2005/2008 training video and the grand prize, a Microsoft training course from New Horizons worth up to $2,500. Deadline for entries May 31. Network World on Twitter Get our tweets and stay plugged in to networking news. Evolution of Ethernet From 3Mbps over shared coax to 40/100Gbps over fiber…and beyond. Apple iPhoneys: The 4G edition iPhone enthusiasts from around the Web offer their visions for the next-gen iPhone. Sponsored by CDW Threat Control & Containment A proactive approach can lead to more mobile network security plus peace of mind. In this timely whitepaper read how a security solution can be specifically geared to the mobile components of your network. Learn More! EMA: Refining privilege access security. Close the security gaps in high-privilege access control and authentication by selecting the right security products for the job. This whitepaper, "Resolving the Privilege Management Paradox," details how. EMA outlines how to find products that offer strong shared access management, better control and clear visibility and multifactor authentication. Click to download. Metzler: 2009 Handbook of Application Delivery Successful IT organizations must know how to make the right application delivery decisions in these tough economic times. This handbook authored by WAN expert Jim Metzler will help guide you. Download now   05/11/09 Today's most-read stories: The Internet sky really is falling Death of the mouse 10 tech-inspired Mother's Day gifts As economy softens, Microsoft ramps up research FutureNet 2009: IPv6 coming, ready or not Despite pledge, researchers release VBootkit 2.0 code Multi-gigabit wireless spec on tap by year-end Top 7 reasons people quit Linux Obama tax plan bad for Cisco, other offshorers Study: U.S. air traffic control vulnerable to cyberattack Notebook replaces trackpad with LCD panel Network World on Twitter: Get our tweets and stay plugged in to networking news DNS news and tips DNS is not secure and is extremely vulnerable. DNS is at the core of every connection we make on the Internet. While some servers are indeed vulnerable, because of inadequate management or knowledge, the real threat is from the protocol itself and how data is easily subverted or faked as it moves around the internet. Receive the latest DNS news and tips Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now   This email was sent to security.world@gmail.com Complimentary Subscriptions Available for newsletter subscribers. Receive 50 issues of Network World Magazines, in print or electronic format, free of charge, Apply here. Terms of Service/Privacy   Subscription Services Update your profile To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Unsubscribe Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701 Copyright Network World, Inc., 2009 www.networkworld.com