
Articles

 

Passwords and the Human Factor  by Terrence F. Doheny, CEO, Beyond If Solutions

 

Open Sesame - Password Security  by Terrence F. Doheny, CEO, Beyond If Solutions

 

Biometrics and “Return On Investment”  by Terrence F. Doheny, CEO, Beyond If Solutions

Passwords and the Human Factor


Passwords have a strange dual nature. The stronger and safer the password the more likely it will be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. The tendency for people when using these formats is to write them down, store them on a hand held device, etc. thus destroying the integrity of the password.

The integrity of passwords can be circumvented through “Social Engineering.” People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password shared with a forgetful employee can compromise an entire system. In more ominous cases, a con artist or hacker can phone a naïve employee and present themselves as a senior executive or help desk employee to obtain that person's password. People have also been duped by callers claiming an emergency, cajoling or even threatening the employee's job if a password is not supplied.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with periodic reviews of the company policy. There can also be frequent reminders such as banners or other notices regarding password security that appear during logons.

Management must not only support security measures, they must also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T., human resource, and legal departments. Written policies should be a part of the employee’s introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company’s liability in many legal actions. To work, a policy must have “teeth”. There should be a range of consequences for lapses whether it is a single event or multiple or flagrant incidents. This can range from a verbal warning to termination or even notification of law enforcement.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written, enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

Article written by:
Terrence F. Doheny
President
Beyond If Solutions, LLC
www.beyondifsolutions.com
terry@beyondifsolutions(dot)com

Open Sesame - Password Security


“Open Sesame!” is probably the most famous password in literature. It gave Ali Baba access to vast treasure. In the realm of technology, computer passwords also give access to valuable treasures: precious business and personal data.

Information about your personal life, buying habits, credit quality and life style is valuable to those who can profit from it.  For the Corporation, information has even greater worth.  It is not the “Bricks and Mortar” but the intangibles such as intellectual property, client lists, market strategies, pricing and compensation that account for over half the value of the modern enterprise.

All of this personal and business data most likely resides on a database somewhere and is available with a password.  In fact, passwords are the most common means of entry in any system. They are also acknowledged as the most vulnerable points for security. “Weak” or compromised passwords are the easiest way for hackers to gain entry into a system. Simple or short passwords can be easily discovered through “brute force” or “dictionary” attacks which concentrate intense computer power to crack a password. A two letter password, for example, has only 676 combinations. A password with eight letters offers more safety with 208,000,000 combinations.

Ideally, a password should consist of 8 or more characters. It should also contain a mixture of upper and lower case letters, symbols and numbers. “A$d3B5i9X” would be an example. Microsoft security has encouraged the concept of the “Pass Phrase” as an alternative. A phrase such as “TheLastGoodBookUBoughtCost$25!” has all of the needed elements and is also easy to remember.
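To make the brute-force and dictionary comparison above concrete, the following added example (not part of the original article) estimates the search an attacker faces for the article's sample password and pass phrase. The guessing rate and the small wordlist are constructed assumptions, and symbols are taken to be the 32 printable ASCII punctuation characters.

```python
import math
import string

# The four character classes the article names.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed sample wordlist standing in for an attacker's dictionary.
SAMPLE_DICTIONARY = {"password", "sesame", "opensesame", "letmein", "qwerty"}

# Assumed guessing rate, for illustration only.
GUESSES_PER_SECOND = 1e9


def alphabet_size(password):
    """Total size of every character class the password draws from."""
    if not password or any(not any(c in cls for cls in CLASSES) for c in password):
        raise ValueError("expected non-empty printable ASCII without spaces")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def keyspace(password):
    """Candidates an exhaustive search of that alphabet and length must cover."""
    return alphabet_size(password) ** len(password)


def assess(password):
    """Estimate the search an attacker faces for one password."""
    if password.lower() in SAMPLE_DICTIONARY:
        # A dictionary attack is bounded by the wordlist, not by the length.
        method, candidates = "dictionary", len(SAMPLE_DICTIONARY)
    else:
        # Upper bound: assumes every character was chosen at random.
        # Phrases built from common words fall faster than this suggests.
        method, candidates = "brute force", keyspace(password)
    return {
        "method": method,
        "candidates": candidates,
        "bits": round(math.log2(candidates), 1),
        "avg_seconds": candidates / 2 / GUESSES_PER_SECOND,
    }


if __name__ == "__main__":
    for pw in ("ab", "Sesame", "A$d3B5i9X", "TheLastGoodBookUBoughtCost$25!"):
        print(pw, assess(pw))
```

The brute-force figure is a ceiling, so a wordlist check like the one shown should run first when screening passwords at enrollment.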

The human factor or social engineering contributes to password compromises. It is estimated that employees share their password eight times a year. Passwords can also be cajoled from untrained or naïve workers. The standard rule is NEVER share a password. Remember the cliché of the “Six Degrees of Separation.” You cannot know who will eventually end up with your password and own it.

To cope with these issues, many leading edge firms are adopting an in-depth defense strategy utilizing three elements to better safeguard their information.

The three layers of authentication consist of:

What you know...
    A strong password or pass phrase
What you have...
    A Crypto-key, smart card or token
Who you are...
    A biometric aspect such as fingerprint, hand, or retinal recognition

Usage of these three defensive measures will increase dramatically in the future as people seek to thwart ever increasing threats to their private and personal information. Many companies will be mandating them as a significant part of their security best-practices to safeguard an extremely valuable asset: their treasured data.

Article written by:
Terrence F. Doheny
President
Beyond If Solutions, LLC.
www.beyondifsolutions.com
terry@beyondifsolutions(dot)com

Biometrics and “Return On Investment”
 

At this time of tight budgets, the mantra of business is “Return On Investment”! With few exceptions, expenditures are measured against the bottom line. Outlays for capital expenses are strictly evaluated in terms of profitability and the total cost of ownership. The era of purchasing new gadgets due to their “whiz-bang” factor is long gone. How can biometrics provide the sought after “R.O.I.” in this environment?

A biometric hand reader prevents a felon from entering your office or warehouse. Can this preventive measure be assigned a dollar amount? A fingerprint scan stops an unauthorized person from gaining access to your computer system. Can a value be determined?

Confusion about the cost benefits of implementing biometric technology has several origins. For example, a business may have never conducted an audit of its critical data and physical assets. This lapse may cause them to have no idea of their value if those assets are lost or compromised. A company may also be unaware of its downstream liability if their negligence results in damage to other firms or individuals. The costs of the resulting legal consequences and liability can often be overlooked.

In fairness to many businesses, it is difficult to assign a cost to these types of issues because they represent an uncertain, and hopefully unlikely, eventuality. However, as remote as that eventuality may seem, every day many firms face stunning financial losses due to theft, fraud and legal settlements.

Are there areas of the enterprise that can clearly show the profitability of adopting biometric solutions? Predictably, the greatest profits are realized in the applications that are considered the strongest for biometrics: “system access”.

High on the list of frustrations for many companies is the plague of password problems surrounding their information systems. Denial of access, expired and forgotten passwords, log-on failures and other fiascos affect productivity and consume help desk resources. Biometrics can offer a cost effective cure for this dilemma.

A formula for evaluating the R.O.I. can be roughly determined using a simple legal pad. A survey is conducted to determine the amount of time the help desk spends on password and access problems during the course of their day. After collecting this data for 30 days, calculate the percentage of hours spent on access issues against the total hours of help desk operation. This will provide a general baseline for determining the cost of these issues. For some firms it will be minuscule, but for other companies it may loom large and need attention. Surprisingly, many surveys reveal that approximately 30% of help desk resources are devoted to access and authentication issues.

Estimated costs can then be calculated by evaluating the help desk’s time spent addressing these problems. If it is 20% of daily activity, for example, calculate that percent as a dollar amount of the total help desk cost. Over the course of a year, it would not be uncommon to have an annual recurring charge of $200 to $300 per employee for access issues. This dollar drain does not even consider that the hours dedicated to these repetitive tasks could be better spent elsewhere by I.T. staff. This diversion of time and talent results in a double impact on the bottom line.

The introduction of biometric access solutions can provide benefits on different levels, often resulting in reduced expenses and stronger authentication. For example, fingerprint scanning devices for access to data and computer systems are now being adopted in greater numbers. The costs of this hardware and its supporting software can vary from an inexpensive simple fingerprint pad reader or biometric mouse to more comprehensive enterprise solutions involving the use of resident servers or licensing arrangements. A key factor in the business decision to install these technologies is to consider carefully the one-time expense for these applications and hardware versus the ongoing costs of maintaining a current system of access support with its annual and repetitive expenses.

In summary, by utilizing biometric technology to effectively deal with the issue of control and access, the enterprise may create a system that provides safer and more secure authentication at a greater savings to the bottom line, a true case of a better “R.O.I.”.

Article written by:
Terrence F. Doheny
CEO
Beyond If™ Solutions, LLC
www.beyondifsolutions.com


Website Updated  9/07/11

The Beyond If™ trademark is the property of Beyond If™ Corporation   ©2002-2010 Beyond If™ Solutions, LLC  All Rights Reserved