Modern authentications technologies can help organizations secure their networks while simplifying access policies
Nicolai Solling, Director of Technology Services at help AG states that one of the big issues with password management is that there are simply too many of them. Research has shown that at any given point of time, a single employee will be required to maintain an average of 15 different passwords within both the private and corporate spheres. The challenge of remembering this sheer volume of login credentials is exacerbated by rigid password policies which specify guidelines such as use of lower and upper case characters, special characters and alphanumeric combinations. What this inadvertently promotes then is the reuse passwords across multiple applications including social media websites which have historically proven to be woefully insecure.
Furthermore, complex password policies often stipulate regular update which can make it difficult for users to remember their passwords. Resetting a forgotten password would require a call to the IT helpdesk. Statistics show that 35 to 50 percent of help desk calls are related to passwords with a cost estimated between USD25 to USD50 per call. And this does not even account for the loss of productivity in the time that it takes to reset the password which itself is a massive overhead.
Organizations have tried to remedy these problems though the use of Single Sign-On (SSO) solutions. By employing complex application integration, enterprises grant users access to all the systems with a single username/password combination. But this is limited by the complexity of the underlying systems and compatibility issues.
More importantly, given that cyber criminals now have a number of sophisticated means to infiltrate systems and steal credentials, the Single Sign-On (SSO) is no longer a viable authentication solution. Organizations need to make long-term plans for replacing or supplementing password-based authentication with stronger forms of authentication.
Two Factor Authentication
This is seen as the next logical step in user authentication and is far more secure than password based authentication. The basic principle followed by such systems is to grant access based on 'something you know' such as a username/password combination and 'something you have'.
The latter part of this requirement could be a one time password (OTP) provided in a text message or by a secure token systems. What IT managers need to be aware of however, is that the various forms of two-factor authentication are vastly different in their implementations and therefore will differ in their performance. By understanding the vulnerabilities of each of these systems, decision makers can select the solution which best protects the organization.
The Pitfalls of Text Messaging Passwords
Providing an OTP via a text message may seem secure but organizations need to consider that SMS is not an inherently secure channel. As SMS does not employ any form or encryption, it is very easy for hackers to use low cost hardware to intercept these messages, extract the information from them and then gain access to the network by using this.
The cost associated with SMS services may mean organizations limit the authentication challenges. Furthermore SMS based token solutions are troublesome as with certain mobile networks, SMS is a low priority service and therefore may sometimes only arrive with considerable latency, thereby making authentication impossible.
Token Based Authentication
A highly popular form of two-factor authentication, which has already seen usage by enterprises across the globe, has been the use of a dynamically generated token. This is by far the best form of authentication but CIOs still need pay close attention to how the tokens are distributed and managed. Currently, most well established vendors provide hardware devices which generated tokens based on pre-loaded seat-keys.
The problem with these systems however is that these seat-keys are hardcoded into the devices at the time of manufacture and this information is managed by a third party provider. As with any critical business application, entrusting such information to a outside source should immediately raise security concerns. This became all but too apparent when hackers broken into the servers of security firm RSA and stolen information linked to the company's SecurID tokens, which are widely used to grant secure access to corporate networks and online bank accounts.
Furthermore, the token device itself entails a substantial overhead and as the number of users increases, the cost of such an implementation skyrockets as well. Loss of the device could translate to loss of productivity as there is inevitably a time duration associated with procuring a new hardware device.
Advancements in Two-factor Authentication
The good news however is that there are now players in the market who offer two-factor authentication solutions which overcome both these limitations. These solutions entrust the generation of seat-keys to the organization itself thereby removing the dependence on a third party provider. Furthermore, software tokens can be generated on the employees mobile device and though desktop applications thereby bringing down implementation costs as well as easing distribution efforts.
Organizations need to understand that investment for a secure architecture at the time of initial deployment can mean far better cost-efficiency than working security into the design at a later point. Username/password as the sole means for authentication is no longer a feasible solution and smart business that avail the latest technologies will see long term benefits.
About help AG
help AG is a strategic information security consulting company, founded in Germany in 1995 and has been present in the Middle East since 2004. help AG provides leading enterprise businesses across the region with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements enabling them to evolve securely with a competitive edge.
Each and every vendor solution help AG presents to a Client has been thoroughly researched and evaluated. help AG is constantly identifying new and innovative solutions to offer to the market through its own in-house research & development laboratory. For more information, please visit www.helpag.com.
Tel: +97150 6400762
This release was published on openPR.
Permanent link to this press release:
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.
You can edit or delete your press release Modern authentications technologies can help organizations secure their networks while simplifying access policies here
News-ID: 239406 • Views: 3811
More Releases from help AG
Help AG to Conduct Live-Hacking at GISEC to Highlight Top Middle East Cyber Secu …
DUBAI, United Arab Emirates- 08 March, 2016: Help AG, a leading information security services and solutions provider in the Middle East, today announced its participation at GISEC, taking place at the Dubai World Trade Center (DWTC) from 29 to 31 March 2016. The security specialist has clearly marked three focus areas for its participation – to highlight its extensive portfolio of services, including its Managed Security Services (MSS); demonstrate its
Help AG Announces Participation at GISEC 2015 Together with 6 Vendor Partners
DUBAI, United Arab Emirates- 19 April 2015: Help AG, a leading information security services and solutions provider in the Middle East, has announced its participation at GISEC 2015, taking place in Dubai from the 26th to the 28th of April 2015, where it will be present together with six of its vendor partners. In addition to demonstrating each of these vendors' technologies, the company will focus on showcasing its own
Help AG Launches Managed Security Services in the Middle East
Dubai, United Arab Emirates - 22 March, 2015 - To enable government and large enterprise businesses in the Middle East to combat the threat of cyber-attack, achieve IT compliance, and drastically reduce incident resolution time, without the significant overhead of a dedicated IT security department, Help AG, the leading information security services and solutions provider in the Middle East, has established its new Managed Security Services (MSS) division. The company
Help AG Announces Reseller Agreement with Splunk
DUBAI, United Arab Emirates, 11 December, 2014: Help AG, a leading information security services and solutions provider in the Middle East, has announced the signing of a reseller agreement with Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, that will enable it to offer Splunk® software, including Splunk Enterprise, to businesses in the Qatar, Saudi Arabia and UAE region. As per the agreement, Help AG will
More Releases for Nicolai
AGP World One's First Breakout Into USA: Limitless with Nicolai Friedrich
[SEATTLE, WA, Jan 11, 2021] — Nicolai Friedrich is a new age magician who has performed more than 3000 shows in countries like Germany, USA, Dubai, India, Hong Kong, to name a few. He has astounded the audience in every single venue that he has performed in and his most prominent take away is leaving the audience gasping in disbelief. The mentalist maestro has bagged numerous accolades & awards like the
Windows XP End-of-Support to Leave Large User Base Extremely Vulnerable to Attac …
DUBAI, United Arab Emirates, 12 March, 2014: Preceding Microsoft's imminent discontinuation of support for its hugely popular XP operating system (OS) on 8 April 2014, Help AG, a leading information security services and solutions provider in the Middle East, has issued a stern warning to business and home users to discontinue usage of the operating system or risk exposure to flood of security vulnerabilities. Windows XP currently has a 400%
Kamstrup Expands in Technology and Development
In a time where European competitiveness is under stress, the smart metering provider, Kamstrup, turns up development. On 3 December 2012 the company inaugurates a new wing to house high-skilled engineers and developers. The Danish minister of European Affairs, Nicolai Wammen, who has green growth as a key issue, will be in charge of the inauguration. Kamstrup manufactures smart meters and systems for intelligent energy management. And because of the growing demand
Controlling Employee Internet Activity Key to Addressing Middle East Concerns of …
DUBAI, United Arab Emirates– 18 July 2012- The widespread usage of corporate internet facilities for the non-business related purposes is fast becoming a major concern for organizations in the Middle East. Nicolai Solling, Director of Technology Services at help AG, referencing a recent internet usage behaviour report from Palo Alto, the leader in next-generation security and vendor partner of help AG, has stressed the need for enterprises to gain
464 pages of power semiconductor knowledge now in English
Power Semiconductor Application Manual Nuremberg, 22 November 2011 – Semikron presents the English version of its Application Manual - just in time for the fair SPS / IPC / Drives. The German version is already available. The 464-page-long manual provides electronics experts with detailed information on the selection and use of IGBT, MOSFET, diode and thyristor components. The Application Manual contains detailed application-related information such as electrical configuration for key operating
CINE OPERA (selected works) | AN EVENING WITH MICHAEL NYMAN in cooperation with …
in attendance of Michael Nyman and Myriam Blundell The 7th Berlin International Directors Lounge Meinblau, Pfefferberg Christinenstr. 18 | Schönhauser Allee 176 U Senefelder Platz 10119 Berlin Mitte Mo, 14th, 8 pm free admission “When I started there was no intention to make films or a book of photographs. It happened because I was there, had a camera and an eye and a curiosity, my own visual diaries of a distracted but persistent mind.” Michael