Security guru demands two-factor authentication

RSA Conference: Businesses have been urged to get their act together over security and insist that users supply more than just a password before getting online
Written by Dan Ilett, Contributor
Howard Schmidt, the chief security officer for eBay and former White House adviser for cyberspace, has called for greater use of two-factor authentication.

Speaking at a press briefing in Barcelona on Wednesday, Mr Schmidt said that businesses had clearly improved security practice, but that the technology is now available for them to use two-factor authentication -- where users must supply two forms of identification.

"We're doing better security now, but we still depend on usernames and passwords as a way of getting online. We now have the technology for the end-user to have two-factor authentication. We expect to see security grow and be federated," said Schmidt, adding that people had to accept the need to supply more credentials.

Schmidt gave the example of how AOL was issuing two-factor SecurID tokens to many of its users. He said that bank cards were also a good example of authentication: "They are something you have -- the card -- and something you know -- the PIN."

RSA announced at the conference that one-third of companies were failing to implement security updates properly.

"You would have thought that security would be one of the first items on the board agenda," said Tim Pickard, RSA's marketing director.

"CIOs and IT directors must start to take a holistic approach to securing their organisation rather than reacting with point-solutions every time there is a specific threat," Pickard added.

But Schmidt turned this claim on its head, saying RSA's results were actually positive news.

"To me that's a good thing because two-thirds are [taking it seriously]. The security process is becoming part of the business process. There's been a change that has taken place," Schmidt said.

Schmidt added that 'co-opetition' -- a new term that means networking between competitors -- was helping to improve the spread of information and speed up companies' reaction time to incidents.

"We've seen gangs of hackers going to organised crime to send phishing emails to an unsuspecting public," he said. "I thought [co-opetition] was one of the stupidest words I had heard. But now we have mechanisms where we can contact security folk all around the world. If [someone] hosts a phishing site, we can reduce the time in which someone can become a victim."
