Product Group Tests
Authentication
March 18, 2014
Most security professionals decry the use of password authentication as next to worthless. But we still have a lot of passwords floating about. Studies repeatedly show that people commit the two cardinal sins - very weak passwords and reusing passwords - with frustrating frequency. Why do we still use passwords? Cost.
But biometrics are starting to become affordable, and tokenless multifactor authentication shows a lot of promise. That does not mean the death of passwords, though. Average users will probably not flock to multifactor authentication any time soon. Corporate users have less and less reason to stick to password authentication. If one must use passwords for the bulk of users, though, here are some thoughts on when not to.
If system and database administrators use the same passwords, shame. These folks have the keys to the kingdom; if their credentials are stolen there's a new threat inside the enterprise! Credential-stealing bots are now old school.
If remote users are using passwords to log in over the organisation's VPN, then rethink that authentication method now. A stolen laptop or other mobile device can expose the organisation, especially if the employee uses remembered passwords and reuses the same ones. A breach at a site that looks trivial is not innocuous if the stolen passwords are reused on sensitive systems, like the corporate network.
So how do we make the decision to move off passwords and on to multifactor authentication? The big cost today in organisational environments is not devices or the server. These are relatively inexpensive, with several economic options. The cost is in administration. First step: determine who gets multifactor authentication and who doesn't. Consider what the authentication is to be used for. Are you concerned with systems, networks, applications or something else? The thing to be secured often dictates the limitations placed on authentication methods.
After determining what needs to be secured and what it takes to secure it, consider deployment and ongoing administration. Are there geographically wide-ranging requirements that suit some sort of self-provisioning? How do you handle day-to-day user management, device management (if there are any devices) and other ongoing tasks?
Sometimes token authentication can be quite trying, eg, if there is some sort of disability that makes using an authentication device difficult, uncomfortable or frustrating. Select your authentication method carefully if you have employees who might be affected.
If multifactor authentication suits some or all of your employees, there are lots of options to match your criteria, and some of the best are shown here. Prices are US-based and thus indicative only.
*In the original testing, we looked at ten products. Some of the top performers are shown here in print. All reviews and a comparison table are shown on the SC UK website at www.scmagazineuk.com.