Password Seeks Partner For Long-Term, Secure Relationship
Passwords have been standing guard over our computer user accounts seemingly forever; for a long while, and for most purposes, they could go it alone.
But it's no secret that passwords are no longer sufficient as the sole means of granting access to critical networks, applications, and data, particularly as the number of applications requiring passwords at any given firm has skyrocketed. Either passwords are too weak, not changed regularly enough, or users write them down in a publicly accessible (read: not very secure) place, or theyre long enough, complex enough, and changed regularly, and thus impossible to remember.
Organizations have been enacting more stringent measures to protect corporate and customer data from external and internal threats, comply with regulations, and manage information risks. One result is that enterprise security strategies have focused more sharply on managing user identities, access rights, and entitlements, driving a broader movement toward identity and access management (IAM). One of the first things firms recognize is that single-factor authentication (passwords alone) is a weak link in the security chain.
Firms looking to improve their IAM posture and clear the way to implement processes and technologies, like account and credential provisioning and life-cycle management, authorization and entitlement management, single sign-on (SSO), privileged user management, and federation, look to strong authentication as a starting point.
If IAM is analogous to allowing only those people you trust to enter your house, then strong authentication is the first step in the process: putting a lock on your door.
Deciding on a strong authentication solution is basically determining what combination of locks and keys will work best in a particular environment. But this is far from a trivial exercise: Dozens of distinct types of second-factor credentials, such as tokens, smart cards, and biometrics, dot today's marketplace; most of them provide a similar level of security.
But the main question driving the strong authentication marketplace today is not security, it's usability. Users don't like complexity, and they dont like to do something extra that affects their productivity. Companies mandating strong authentication found that employees would circumvent this burden whenever and however possible (like sharing credentials). This poses a problem for vendors and buyers alike: What will end users actually use?
With that in mind, here are three of the trends in the strong authentication market.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
