What is security's silver bullet?

How many different user IDs and passwords do you have to remember in order to access the applications and services that you use regularly? I did a quick count of my own pool of alphanumeric lines that are swimming in my memory bank...

How many different user IDs and passwords do you have to remember in order to access the applications and services that you use regularly? I did a quick count of my own pool of alphanumeric lines that are swimming in my memory bank... There's one for each of my four Web e-mail accounts, two to access my company's e-mail and content management systems, one each for the two IM accounts I have, at least five others for the various member accounts I maintain at sites like Amazon.com, PayPal, The Sims 2.com and LinkedIn...I stopped counting after 10. The number got so voluminous that, I confess, I resorted to storing some of them--specifically those I seldom use and have a higher tendency to forget--in my Palm. It's bad security practice, I know, but at least I didn't jot it down on a PostIT note and try to conceal it under my keyboard. Human error is often cited as the biggest loophole in a company's security strategy, so it comes as hardly a surprise that another security expert this week pointed to computer users as the "least educated" when it comes to adopting proper security practices. He also highlighted fixed passwords as generally a "dangerous" tool because, unlike one-time or token-based passwords, they remain unchanged until users are prompted to renew their password, usually after a 60- or 90-day cycle. But, as ZDNet Asia reader Wendy Goucher points out, businesses need to do more than simply dismissing the role that employees play in helping to preserve a healthy level of security for their company.


RFID chip implant in a hand (Source: blogger Amal Graafstra)
I'm unsure though if it'll take tools like token-based key generators or the complete abolishment of passwords to put an end to a company's security woes. Over the past years, devices and technologies like smart cards, Java-based cards, USB-enabled security tokens and biometrics, have been touted as the answer. Years later, most PCs today still don't come equipped with a card reader, biometric technology hasn't been perfected, and those handy security tokens can be easily misplaced--just as passwords can be easily forgotten. Suffice to say that the problem with security isn't a simple one to solve and the silver bullet is unlikely to come any time soon. Perhaps it'll take a human chip implant to eradicate security threats, but until that day comes, the best defense will require a combination of user vigilance, regular administrative checks and further technology advancements.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All