
The Trouble with Passwords


Passwords: The weakest link in network security
Enterprise and government organizations must constantly work to ensure that access to their networks and applications is secure.

While many IT administrators think first about protecting against outside attacks, most are also justifiably concerned about break-ins that occur within the network environment. According to the Computer Emergency Response Team (CERT), 80% of the security attacks they investigate are password related.

The password model relies heavily on user cooperation and only works when passwords are used correctly, everywhere, all the time. Unfortunately, users rarely use passwords correctly all the time, which leads to a number of common problems: passwords that are easy to guess, a single password reused across many systems, passwords written on Post-It® notes, and passwords that are exposed to social engineering attacks.

To make matters worse, a single password is often all that is needed to gain access to, and compromise the security of, every system to which that user has single sign-in rights. This means that your systems are only as secure as your least responsible user.

Below, we will discuss the specifics of why passwords are not secure, why they are expensive and inconvenient, and how fingerprint authentication overcomes these weaknesses.

Why Passwords Are Not Secure
While in theory passwords can be quite secure, in practice the security fails because of the people who are forced to use them. IT administrators have little control over user behavior and yet must rely on users to maintain password security. Since users are burdened with an ever-increasing number of passwords in their lives, they look for ways to make password management easier—usually at the expense of maintaining adequate security.
Password Security Problems
• Users create passwords that are easily guessed and prone to dictionary attacks
• Users sometimes share passwords
• Users write passwords down on Post-It notes

Password Policy Problems
In an attempt to gain some control over the security of user authentication, many organizations will institute password policies. Examples include:
Password creation rules...
• 12 character minimum with 2 or more symbols (e.g. !, &, $)
• Must include upper and lower case letters
• Must not be a word found in the dictionary
• Cannot be a variant of a previous password

Periodic expiration of passwords...
• 30, 60, 90 day expirations are typical
• User must create a new password upon expiration

Rigid password policies force users to create complicated passwords and to periodically change them—they do not ensure secure passwords. Ironically, the level of security may drop when organizations institute rigid password policies. Most users find these policies so burdensome that they write down their passwords. A larger number of written passwords will dramatically increase the risk of social attacks (e.g. gaining unauthorized access by copying a Post-it note) and, as a result, reduce security.
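The creation rules listed above, written out as a checker. This is an added example, not code from the original page; the four-word dictionary and the sample passwords are constructed, and the 0.8 similarity cut-off for "variant of a previous password" is an assumption. It shows a password that passes every rule while still being a dictionary word with common substitutions, which a defender can flag by undoing the substitutions before the lookup.

```python
import re
from difflib import SequenceMatcher

# Constructed sample word list; a real check would load a full dictionary.
DICTIONARY = {"password", "welcome", "summer", "dragon"}
# Common character substitutions to undo before the dictionary lookup.
SUBSTITUTIONS = str.maketrans("0134@5$7", "oleaasst")
VARIANT_THRESHOLD = 0.8  # assumed cut-off for "variant of a previous password"


def policy_violations(candidate, previous=""):
    """Apply the four creation rules literally; return the rules that fail."""
    failed = []
    if len(candidate) < 12:
        failed.append("shorter than 12 characters")
    if sum(not c.isalnum() for c in candidate) < 2:
        failed.append("fewer than 2 symbols")
    if not (any(c.isupper() for c in candidate)
            and any(c.islower() for c in candidate)):
        failed.append("missing upper or lower case")
    if candidate.lower() in DICTIONARY:
        failed.append("dictionary word")
    if previous and SequenceMatcher(
            None, candidate.lower(), previous.lower()).ratio() >= VARIANT_THRESHOLD:
        failed.append("variant of previous password")
    return failed


def derived_from_dictionary(candidate):
    """Return the dictionary word a password is built on, or None."""
    letters = re.sub(r"[^a-z]", "", candidate.lower().translate(SUBSTITUTIONS))
    for word in sorted(DICTIONARY):
        if word in letters:
            return word
    return None


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P@ssw0rd!!2008", "Qx7#vLm2&RtZ9k", "Summer08"):
        print(pw, policy_violations(pw), derived_from_dictionary(pw))
```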

User Support and Cost Problems
As the complexity of password policies increases, organizations are often faced with increasing costs and support needs.
• Overly cryptic passwords are hard to remember
• Passwords are often lost or forgotten
• 30% - 40% of all helpdesk calls relate to password issues
• Widespread password protection interrupts work flow and reduces productivity

The Solution: Fingerprint Authentication
Security, Productivity, Compliance and Convenience
The challenge in attempting to replace password authentication is to find a solution that increases the security of networks while simultaneously adding convenience. Traditionally, security and convenience have been at odds with each other. To make networks more secure usually meant access to them became less convenient, and vice versa.

Fingerprint authentication meets this challenge and eliminates the weaknesses associated with user-entered passwords.

Fingerprint authentication provides:
• Security - Fingerprints cannot be guessed, shared or stolen. Also, a fingerprint is unique to the individual, ensuring that the person logging on is the authorized person.
• Productivity - Fingerprints are never forgotten. Fingerprint authentication can eliminate up to 90% of all support calls. And, there will be no more users locked out of their accounts due to forgotten or expired passwords.
• Compliance - Fingerprints provide user-unique audit trails to assist with regulatory compliance for HIPAA, Sarbanes-Oxley, the Gramm-Leach-Bliley Act, etc.
• Convenience - Users are driven by convenience, which is why traditional password-based systems fail. With fingerprint authentication, users get convenient access with a touch of a finger; there is no password to remember or type.

© 2008 Human Element Biometrics, LLC
Mailing Address: 711 S Bickford Ave.  El Reno, OK 73036
405.858.8632 (ph)    405.858.8641 (fax)