Monday, May 04, 2009

'Managing' passwords doesn't make them less unsafe

Username/password as sole authentication method needs to go away

Security: Identity Management Alert


Spotlight Story
'Managing' passwords doesn't make them less unsafe

By Dave Kearns
In his newsletter last week my colleague M.E. Kabay points us to a draft release of a new paper from the National Institute of Standards and Technology (NIST) called the "Guide to enterprise password management." Maybe next they'll draft guidelines for the proper use of buggy whips!

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.

Related News:

Locking out users gives attackers a tool for denial of service
When I was a lad (OK, when I was a young systems engineer of 30 - which is 30 years ago), I was taught that if a user made several mistakes in entering her password, the system should lock her account until a system operator granted access again. The goal was to stop an attacker from guessing at a user’s password without limit.

Guide to enterprise password management drafted
I hate passwords. I think passwords are a dreadful way of authenticating identity: they cost a lot, they change too often (and so users write them down), the rules for preventing dictionary and brute-force attacks are ...

Using smart cards vs. passwords for identification
A recent Datamonitor survey showed that 62% of enterprises have experienced problems relating to passwords being shared, borrowed or stolen from within their organizations. The survey of 200 enterprises also found that only 21% of the respondents are confident that passwords will provide sufficient user authentication for their businesses over the next five years. Yet most of us are still using passwords. Isn't there a better way?

Single sign-on plus self-service password reset result in greater benefits
At last week's Converge07 conference for Courion customers and friends I had the pleasure of sitting on a panel (well, I WAS the panel) for Courion VP of Services Nelson Ronkin's presentation about integrating ...

Validation, authorization: The next steps to identity management
As someone pointed out to me last week, we're still spending an inordinate amount of time talking about authentication, and still trying to find a way to obviate the need for users to either memorize or write down lists ...


Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701
Copyright Network World, Inc., 2009

www.networkworld.com

 

 


