Tech
What is security's silver bullet?
How many different user IDs and passwords do you have to remember in order to access the applications and services that you use regularly? I did a quick count of my own pool of alphanumeric lines that are swimming in my memory bank...
![eileen-yu](https://www.zdnet.com/a/img/resize/4d2932e73e0e41143a8d90a05d028ae0ab95f8a3/2022/08/13/2dd68a59-269a-4024-8e9e-8d4f16fbc2d2/eileen-yu.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
How many different user IDs and passwords do you have to remember in order to access the applications and services that you use regularly? I did a quick count of my own pool of alphanumeric lines that are swimming in my memory bank...
There's one for each of my four Web e-mail accounts, two to access my company's e-mail and content management systems, one each for the two IM accounts I have, at least five others for the various member accounts I maintain at sites like Amazon.com, PayPal, The Sims 2.com and LinkedIn...I stopped counting after 10.
The number got so voluminous that, I confess, I resorted to storing some of them--specifically those I seldom use and have a higher tendency to forget--in my Palm. It's bad security practice, I know, but at least I didn't jot it down on a PostIT note and try to conceal it under my keyboard.
Human error is often cited as the biggest loophole in a company's security strategy, so it comes as hardly a surprise that another security expert this week pointed to computer users as the "least educated" when it comes to adopting proper security practices. He also highlighted fixed passwords as generally a "dangerous" tool because, unlike one-time or token-based passwords, they remain unchanged until users are prompted to renew their password, usually after a 60- or 90-day cycle.
But, as ZDNet Asia reader Wendy Goucher points out, businesses need to do more than simply dismissing the role that employees play in helping to preserve a healthy level of security for their company.
I'm unsure though if it'll take tools like token-based key generators or the complete abolishment of passwords to put an end to a company's security woes.
Over the past years, devices and technologies like smart cards, Java-based cards, USB-enabled security tokens and biometrics, have been touted as the answer.
Years later, most PCs today still don't come equipped with a card reader, biometric technology hasn't been perfected, and those handy security tokens can be easily misplaced--just as passwords can be easily forgotten.
Suffice to say that the problem with security isn't a simple one to solve and the silver bullet is unlikely to come any time soon.
Perhaps it'll take a human chip implant to eradicate security threats, but until that day comes, the best defense will require a combination of user vigilance, regular administrative checks and further technology advancements.
![]() RFID chip implant in a hand (Source: blogger Amal Graafstra) |