Tests to uproot Windows passwords begin
Results 1 to 9 of 9

Thread: Tests to uproot Windows passwords begin

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Tests to uproot Windows passwords begin

    Microsoft and RSA Security on Wednesday started beta testing a product designed to phase out the use of traditional passwords and replace them with automatically generated passwords from a SecurID token.

    SecurID is one of the most popular two-factor authentication systems and is already used by many large enterprises. The token is about the size of a matchbox and generates a new six-digit code every minute.

    Users are given an easy-to-remember PIN number to type in alongside the code displayed on the token. With an integrated SecurID system within Windows, enterprises should find easier and cheaper to ensure users do not use weak passwords or forget them.

    George Anderson, IT security business development manager at services firm Computacenter, which is one of the participants in the beta trial, said the SecurID and Windows combination is a welcome relief.

    "We recognize that password-only security has for some time been inadequate for truly protecting Windows workstations," Anderson said.

    The beta test program is being rolled out to a small number of companies and is expected to last around a month. RSA Security expects the full commercial version to be available in shortly after the trial ends.

    Jason Lewis, vice president of product management at RSA Security, said the technology complements RSA's core business, which is to authenticate remote users.

    "We've been traditionally focused on security issues outside the firewall and although securing remote access is critical, the RSA SecurID for Microsoft Windows solution addresses a real threat to exposing an organization's sensitive data within the enterprise," said Lewis.

    The integration of SecurID and Windows was first announced at the RSA Security conference in San Francisco earlier this year. At the time, Microsoft's chairman Bill Gates said the development signaled the death of the traditional password.
    http://zdnet.com.com/2100-1105-5225434.html
    -Simon \"SDK\"

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Oh dear..... That would confuse the living daylights out of my users..... It's hard enough get them to change their password in their lifetime..... I do hope it isn't mandatory.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Tiger Shark
    I do hope it isn't mandatory.....
    I really don't think they would do that Tiger, the SecruID tokens run about $150 (USD). I don't think MS & RSA would just give them away. This may get viewed as another money grab by MS and I don't think they want that publicity either. I could be wrong though.

    Cheers:
    DjM

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    They do cost $150 today..... But next year they will be $100 and so on until they are $.50. Then, fiscally, there's no good reason not to implement..... Thus it could become "mainstream" which is the equivalent of mandatory....

    I can hear the whines now...... Typo's, "it's too complicated", "it changes while I'm still typing it so I have to start again", "I'm only the receptionist, I don't have access to anything important", "It's too hard, whaaaaaaa".....

    I think I'll quit now - while I'm ahead.......

    I think I just depressed myself......

    Barkeep.... Another pint of the amber nectar please......

    /Slurp

    That's better......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Tiger Shark
    I can hear the whines now...... Typo's, "it's too complicated", "it changes while I'm still typing it so I have to start again", "I'm only the receptionist, I don't have access to anything important", "It's too hard, whaaaaaaa".....

    /Slurp

    That's better......
    We have most of our executive management team using these things (CEO's, CFO's, VP's...etc), Hell if these guys can figure it out, I think anyone can.

    Haven't you finished that beer yet? It's got to be warm by now.

    Cheers:
    DjM

  6. #6
    The way I look at it, Tiger, is that you can either have dumb users that addon to the percentage of network vunerability, or whiney users that bite the bullet and eventually embrace it as normally as they did when passwords became the norm.

    Let them whine and complain.

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Let them whine and complain.
    LOL, Pooh.... I do.... trust me.... I'm in a very fortunate position.... I can make edicts and my CEO and COO back me to the hilt..... It truly is a wonderful postion to be in....

    OTOH, as I age I try to minimize my workload somewhat..... Whining users grates with me and it stresses me out.... Well.... as much as I allow myself to be stressed......

    There will come a day when I have to "push" my users into something like this that they won't like.... I'll turn my phone off for the next few days and let my employees deal with it.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I used them before, they (in my opinion) would be much easier to manage then users losing or comprimising strong password. As for the cost, if MS build it into windows and makes it mandatory, then by sheer numbers the cost would be nothing. Add 20 bucks to the sale of windows and multiply that by billions of copies.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hi Tiger,

    I have worked with this technology before (RSA) and so have several friends. None of us have encountered any problems with the users, in fact quite the opposite

    They seem to look on it as some sort of AO magic decoder ring, a status symbol almost? (sad b******s)

    The only actual problem is that the token is a quartz crystal clock mechanism, whereas the server is not, so you have to make sure that you keep resetting the system clock, or the two will get out of synchronisation.

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides