
Security in numbers

When it comes to controlling network access, agencies find two factors are better than one

By William Jackson, GCN Staff

The results are in, and it’s unanimous: “I think everybody hates passwords,” said Vance Bjorn.

Bjorn is chief technology officer of Digital Persona Inc. in Redwood City, Calif., so his statement comes with a disclosure: “It’s our mission to promote the notion of a fingerprint-centric world.”

But Bjorn is not alone in his assessment.

“Passwords are a flawed technology,” said Tom Gilbert, CTO of Blue Ridge Networks Inc. of Chantilly, Va. They aggravate the users who have to remember them and the administrators who rely on them to secure their systems.

“Passwords don’t scale,” said Mary Dixon, director of the Common Access Card Office in the Defense Manpower Data Center.

The problem is twofold. Passwords are becoming more complex in order to increase their strength, and we need more of them to password-protect more resources.

“The more we try to protect things with them, the harder it becomes to keep them in our heads,” Dixon said. This makes them expensive, because they generate help desk calls when they’re forgotten, and less secure when they’re written down.

Increases in computing power also make brute-force cracking easier. And by using rainbow tables of password hash values, you don’t even have to crack a password. If you intercept the hash, you can just look it up.

But despite its flaws, no one believes the password will disappear any time soon. “People value convenience over security,” said Gilbert. For both developers and end users, “it’s often the easiest form of authentication for people to use.”

The solution, then, is to use two-factor authentication, in which some type of hardware or software token, or biometric, is used, usually in conjunction with a password.

“In a multifactor system where they are not being relied upon exclusively, they are helpful,” said Paul Henry, vice president for strategic accounts at Secure Computing Corp. of San Jose, Calif.

And this is where the consensus ends. It appears no one can agree on what the second factor should be.

Does it really matter?

Bjorn’s vision is of a world in which fingerprints are the primary factor for authentication. Gilbert describes himself as a smart-card zealot. But in the end, it might not matter which an agency chooses.


