Give users passwords they don't have to remember

One Time Passwords (OTP) solutions Security: Identity Management Alert NetworkWorld.com | Security Research Center | Update Your Profile Sponsored by Citrix Integrated Web Application Security With application layer attacks on the rise, the need for a comprehensive security solution has never been greater. Benefit from Citrix NetScaler, a single, integrated appliance to accelerate Web applications, improve availability and enhance web app security. Spotlight Story Give users passwords they don't have to remember By Dave Kearns In the last issue we were talking about username/password technology for modern networks and how to "manage" them. My suggestion was to manage to boot the technology out the door. Read full story Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management. Related News: 'Managing' passwords doesn't make them less unsafe In his newsletter last week my colleague M.E. Kabay points us to a draft release of a new paper from the National Institute of Standards and Technology (NIST) called the "Guide to enterprise password management." Maybe next they'll draft guidelines for the proper use of buggy whips! LexisNexis says its data was used by fraudsters LexisNexis acknowledged Friday that criminals used its information retrieval service for more than three years to gather data that was used to commit credit card fraud. Locking out users gives attackers a tool for denial of service When I was a lad (OK, when I was a young systems engineer of 30 - which is 30 years ago), I was taught that if a user made several mistakes in entering her password, the system should lock her account until a system operator granted access again. The goal was to stop an attacker from guessing at a user’s password without limit. Guide to enterprise password management drafted I hate passwords. I think passwords are a dreadful way of authenticating identity: they cost a lot, they change too often (and so users write them down), the rules for preventing dictionary and brute-force attacks are ... Using smart cards vs. passwords for identification A recent Datamonitor survey showed that 62% of enterprises have experienced problems relating to passwords being shared, borrowed or stolen from within their organizations. The survey of 200 enterprises also found that only 21% of the respondents are confident that passwords will provide sufficient user authentication for their businesses over the next five years. Yet most of us are still using passwords. Isn't there a better way? Single sign-on plus self-service password reset result in greater benefits At last week's Converge07 conference for Courion customers and friends I had the pleasure of sitting on a panel (well, I WAS the panel) for Courion VP of Services Nelson Ronkin's presentation about integrating ... Validation, authorization: The next steps to identity management As someone pointed out to me last week, we're still spending an inordinate amount of time talking about authentication, and still trying to find a way to obviate the need for users to either memorize or write down lists ... Who goes there? Identity management is all about who you are and what you should be allowed to do. This Product Guide describes the technology and how it works. May Giveaways Cisco Subnet, Microsoft Subnet and Google Subnet are collectively giving away books on Google Apps Deciphered, the CCNA Security exam, an awesome SQL Server 2005/2008 training video and the grand prize, a Microsoft training course from New Horizons worth up to $2,500. Deadline for entries May 31. Network World on Twitter Get our tweets and stay plugged in to networking news. Evolution of Ethernet From 3Mbps over shared coax to 40/100Gbps over fiber…and beyond. Apple iPhoneys: The 4G edition iPhone enthusiasts from around the Web offer their visions for the next-gen iPhone. Sponsored by Citrix Integrated Web Application Security With application layer attacks on the rise, the need for a comprehensive security solution has never been greater. Benefit from Citrix NetScaler, a single, integrated appliance to accelerate Web applications, improve availability and enhance web app security. EMA: Refining privilege access security. Close the security gaps in high-privilege access control and authentication by selecting the right security products for the job. This whitepaper, "Resolving the Privilege Management Paradox," details how. EMA outlines how to find products that offer strong shared access management, better control and clear visibility and multifactor authentication. Click to download. Everybody says "Do more with less!" But no one tells you how. We will and it costs nothing to find out at IT Roadmap Conference and Expo. Coming to 10 cities in 09. Register now, attend free   05/06/09 Today's most-read stories: Death of the mouse Illinois programmer sues Google over "Android" RIM to bind BlackBerry to Cisco phones Use the Cisco restroom at your own risk Juniper bolsters branch router, switch lines Botnet probe turns up 70G bytes of personal, financial data Why mix Bluetooth with Wi-Fi? Is it time to cut the Ethernet access cable? It takes a village idiot: The jerks of online forums Some IT skills see pay hikes during downturn Notebook replaces trackpad with LCD panel Network World on Twitter: Get our tweets and stay plugged in to networking news DNS news and tips DNS is not secure and is extremely vulnerable. DNS is at the core of every connection we make on the Internet. While some servers are indeed vulnerable, because of inadequate management or knowledge, the real threat is from the protocol itself and how data is easily subverted or faked as it moves around the internet. Receive the latest DNS news and tips Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now   This email was sent to security.world@gmail.com Complimentary Subscriptions Available for newsletter subscribers. Receive 50 issues of Network World Magazines, in print or electronic format, free of charge, Apply here. Terms of Service/Privacy   Subscription Services Update your profile To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Unsubscribe Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701 Copyright Network World, Inc., 2009 www.networkworld.com