Password Palooza: Intelligent Password Management
Passwords are more secure than you think. And you can make them even better using intelligent password management.
By Simson Garfinkel
August 01, 2005 — CSO — Many CSOs would like to eliminate passwords from their organizations and use some other technology to authenticate users. That's because it's easy for users to inadvertently compromise password security or intentionally share passwords with coworkers, friends, even the enemy. (Think sticky notes on monitors.) But passwords are not going away anytime soon. They are too widespread, too easy to implement and just too darn useful. And they really are a good authentication technology.
Because CSOs will be stuck with passwords for the foreseeable future, organizations need to give their employees tools, policies and training to intelligently manage the passwords they have, while simultaneously minimizing the damage that can occur if those passwords are compromised.
One of the reasons passwords are ubiquitous in today's information-oriented society is that they are so easy for programmers to implement. Any computer system that has an input device and a little bit of memory can be rigged for password-controlled access. As a result, we have passwords not just for desktop computers and e-mail but for voice-mail systems, television v-chips, and car computers and emission systems as well. Passwords are everywhere.
Even if you restrict the discussion to the world of desktop computers, you'll still find that passwords are everywhere! Today's information workers must use dozens of passwords on a regular basis: to log in, to download e-mail, to access benefits systems and so on.
The purpose of passwords is to prevent information or resources from being accessed by an unauthorized individual. In practice, this means that passwords need to be both difficult to guess in the first place and then changed regularly. Good password management should prevent an ex-employee from using your corporate account to set up his own conference calls or to read your e-mail.
Password Synchronization
To start the password management process, minimize the number of passwords employees need to know. Here the most common approach is what's known as password synchronization. With this method, a central server guarantees that users can access all of a company's servers and services with the identical user name and password.
The easiest way to implement password synchronization is to deploy a centralized directory that stores user names and passwords. The most common technologies here are LDAP (Lightweight Directory Access Protocol) and RADIUS (Remote Authentication Dial-In User Service).
Password Vaults
Next, give your users a way to securely record their passwords, both your organization's and those issued by all those websites out there on the Internet. Although some people still use sticky notes taped to monitors, I prefer programs that implement what's known as a password vault. These programs store user names and passwords in a file that's encrypted with a so-called master password. Thus, instead of having to memorize dozens of individual passwords, employees need to remember only one.
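As an added illustration (not code from the article), here is a minimal password vault in Python showing the structure the paragraph describes: entries are serialized, a key is derived from the master password with a salted, iterated KDF, and the file carries an authentication tag so a wrong master password or a tampered file is rejected before anything is decrypted. To stay standard-library only, it assumes PBKDF2-HMAC-SHA256 for key derivation and HMAC-SHA256 in counter mode as the keystream (encrypt-then-MAC); a real vault product would use AES-GCM or a similar authenticated cipher.

```python
import hashlib
import hmac
import json
import secrets

# Assumption for this demo: a high PBKDF2 iteration count; real vaults tune
# this (or use Argon2/scrypt) to make master-password guessing expensive.
ITERATIONS = 600_000


def _keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the master password."""
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def seal_vault(master_password: str, entries: dict) -> dict:
    """Encrypt {site: {"user": ..., "password": ...}} under the master password."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _keys(master_password, salt)
    plaintext = json.dumps(entries).encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    # Tag covers salt, nonce and ciphertext so none of them can be altered unnoticed.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def open_vault(master_password: str, vault: dict) -> dict:
    """Verify the tag first; a wrong master password or a modified file raises ValueError."""
    salt, nonce = bytes.fromhex(vault["salt"]), bytes.fromhex(vault["nonce"])
    ciphertext = bytes.fromhex(vault["ct"])
    enc_key, mac_key = _keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, bytes.fromhex(vault["tag"])):
        raise ValueError("wrong master password or vault file tampered with")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)
```

Because the salt is random per file, two vaults sealed with the same master password derive different keys, and a wrong password fails at the tag check rather than producing garbage entries.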