Industry View
Your Identity: "Costanza Style"
Your identity, like an overcrowded wallet, is ready to burst. David Miller, chief security officer for Covisint, tells us how to solve the problem.
By David Miller, CSO, Covisint
Identifying the problem
At the current rate of password expansion, you'll need hundreds of username and password combinations in the coming years. Remember, most websites today require you to use alpha-numeric combinations of 4, 8 or 12 characters, which, many times, are unique combinations that you don't use elsewhere.
A major analyst firm, IDC, added this: "Many dynamics are converging to create a challenging environment for secure identity and access management," said Irida Xheneti, Security Services Analyst with IDC. "These include the evolving technology landscape with new applications and systems emerging every day; a growing mobile workforce where portable electronics have become the back door to an organization; and the enterprise landscape where partners and suppliers demand access to corporate information. All of these factors have made securing user identities and enterprises a very complex and expensive task."
Before you know it, each month it seems like you've added another dozen or so username/password combos. It's all just too much for any mortal to handle. And, life already has enough complications. The simple truth is that there are better things to do: soccer games to attend, ice cream to eat, work to finish, the latest cliffhanger of Lost to watch.
So, like the rest of us overworked, time-starved and memory-constipated folk, you take the easy way out. An understandable choice, to be sure, but who are we kidding? It just doesn't work well in the real world.
But, I can guarantee that all your little personal "password tricks" that you thought nobody else employed are just dripping with danger -- unnecessarily. These include:
- If it works for one, it'll work for 'em all. Making every combo the same is not safe, yet many people employ this tactic. The problem? If a bad guy gets your New York Times username and password combo, then he also gets your banking combo. See the problem?
- The "easy one to remember" method. Okay, the word "password" is not a good password. Do I really need to explain this one?
- The "sticky note" approach. This involves writing all of your combos down on one pad of paper or, worse yet, sticky notes dangling all around your computer screen. Now, what happens if you lose the paper or notes, they're stolen or somebody walks by your cube and photographs, copies or otherwise compromises them? Not good.
In spite of the obvious problems associated with each, these are still the most popular ways to handle identity and password challenges. A better method must exist, but what? A better system must be developed, but by whom?
Identity management



