Custom Application Development

Nov 26 2008   10:42PM GMT

Password Management



Posted by: SJC
Tags:
Application Security
IT Management

We’ve all seen them — the little yellow sticky notes pinned up on the workstation board, or attached to a cabinet, or whatever other clearly convenient and visible place that is available — the ones with username / password combinations scratched on them for all to see!  Is it any wonder that studies indicate that our most vulnerable areas of system security come from within?

While we may require “strong” passwords which get changed every 30 – 60 days, they can be even more susceptible to being “written down” where the user can “remember” them — in my experience the more restrictions put on a “strong” password the more often users will write them down because they’re afraid of forgetting them.  I don’t blame them — but — it sure destroys the security that we try to build into our systems. 

Add to this password mess the requirement for meeting varying requirements for individual systems, networks and workstations and the situation becomes convoluted at best.  What got me going on this blog path was seeing the statement “Sticky notes don’t make for good security” in something I was reading.  My response to the statement is, of course, DUH!

So — How to get passwords under control?  Wouldn’t it be nice if we had an application to securely allow us to use a single password to access all resources which meet our security level?  A Google search on password management tools returns a number of entries — however at a quick glance most tools seem to be specific to Mac or Windows environments exclusively.  It seems to me that most desireable would be an application which will serve ALL common O/S environments, as well as databases. 

Maybe I just want too much :-) , but I can dream can’t I?

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Mselbie
    Nice article that highlights the growing need for usable security products including password management products on the internet. Longer password strings are not the solution and don’t seem to have evolved at the same rate other technologies have. Its ironic that the internet provides a huge efficiency opportunity yet relies on technology that increasingly confounds the beneficiary. We know from lots of research that people prefer pictures to words and from our own research at Vidoop, that by far the majority of US adults on-line are very frustrated with remembering and organizing passwords. So we developed a [B]visual login[/B] that eliminates passwords and yet is effective against the prevalent forms of hacking. Its free, usable, secure and works on multiple computers in [B]all browsers[/B]. It remembers the passwords that the average user can’t and in this way help to get [I]'passwords under control'[/I] Check out the frisbee catching tortoise video at [A href="http://vidoop.com"] , and some of the newer work at [A href="http://vidoop.com/labs/"]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: