Password dummy

By Neil Higgins
Apparently, most people forget their passwords at some stage. Others write them down, and then forget them. The consequences are obvious. Where I work, you have a personal pin code to access the "system". If passwords, or Mission Impossible tactics aren't the answer to security, what is?
Below is a link to a zdnet article on passwords:

http://news.zdnet.com/2100-1009_22-5865013.html


interesting..

by Jaqui In reply to Password dummy

but why not go that extra step and monitor keystroke style?
then, if someone else is using the system you have a third defense that kills anything the user is trying to do, hopefully while alerting the admin so they can be caught and charged.

the software to monitor keystroke patterns has been around for a long time, and is an unbeatable defense, as every person has a different pattern to how they use the keyboard. the software can be set up to compare pattern to every legal user of the systems, and take appropriate action if it's another employee using the workstation, or if it's someone completely un-authorised.

A few ideas about this

by jdclyde In reply to Password dummy

First, if you have taken even a basic admin or security class you have learned all the problems with passwords. People write them down. People pick their pets or kids or something. People give them out. They can be cracked.

But who do we hear this from the most? The people that want to SELL the latest, greatest, whizbang that will save us all. Tokens, biometrics, all sound like good products but is the data to support the costs unbiased or does it have a vested interest in you going with a system like this?

I have heard so many people that have a solution to sell me, and each one is better than the rest. I know this, because they told me so.

true.

by Jaqui In reply to A few ideas about this

at least my solution as suggested isn't new tech, it's implement what's been available for years.

How would it handle

by jdclyde In reply to true.

when I am doing something else at the same time and type one handed so I don't have to put something else down? Like food or phone (or porn?) ;\

Not up on the keystroke patterns.

This would be like the voice recognition software that didn't work if you had a cold?

well,

by Jaqui In reply to How would it handle

you could actually increase the db size for it and have people use the keyboard under different conditions so there is a baseline for most situations.

the idea behind it is that everyone will have some keys they are slower in hitting, faster on some, harder on others...
even one handed this basic pattern is still there.

I remember when I was learning computers back in 81-82, typing one handed at 45 words per minute.. programming in r/t in hex. :)
can you guess which keys I am fast at hitting? ~L~
I know that no one solution is perfect, but this one has the potential to keep intrusions down much more than the password model does.

the biggest drawback is that it must be running on every client to work.
( network access denied if it's not running will keep a lot of hack attempts from getting through even if they have broken the other safeguards. )

Special keyboard?

by jdclyde In reply to well,

you mentioned hitting some keys harder. Is this a special keyboard?

I thought you were just talking about software running on the pc.

Guess I will have to get off my a$$ and read up on this.

No perfect solution

by DC Guy In reply to How would it handle

Security is always a balance between false positives and false negatives. You have to err on the side of locking out an authorized user for obvious reasons.

With typing cadence people will soon learn to sit down and type normally, especially after you tell them that and they still try it one-handed, standing up, in the dark, drinking coffee, with the cat trying to get their attention.

Password programs are becoming more draconian; they already require a mix of upper case, lower case, and numerals. It won't be long before they have to be of the form A9#9#A. Then of course we'll all forget them, especially since they force us to change them every 90 days.

Passwords just can't provide the security we need without overwhelming the security staff with requests for new passwords, a situation which creates quite a risk exposure of its own.

I predict that biometrics will replace them. Voice prints have the problem you already identified. Your retinas can be removed and stolen if this is a James Bond scenario. Personally I think typing cadence is probably the best way to go.
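The typing-cadence idea discussed in the posts above (a per-user baseline, extra baselines for conditions such as one-handed typing, and a threshold that trades false rejects against false accepts), as an added example that is not part of the original thread. The timings, the `min_std` floor, the default threshold and all function names are assumptions constructed for illustration, not taken from any product.

```python
from statistics import mean, pstdev

def digraph_latencies(events):
    """events: list of (key, press_time_ms). Returns {(k1, k2): [latency_ms, ...]}."""
    out = {}
    for (k1, t1), (k2, t2) in zip(events, events[1:]):
        out.setdefault((k1, k2), []).append(t2 - t1)
    return out

def enroll(samples, min_std=10.0):
    """Build a profile {digraph: (mean, std)} from several typing samples."""
    pooled = {}
    for events in samples:
        for dg, lats in digraph_latencies(events).items():
            pooled.setdefault(dg, []).extend(lats)
    # Floor the std so a very consistent typist is not rejected over tiny jitter.
    return {dg: (mean(v), max(pstdev(v), min_std)) for dg, v in pooled.items()}

def score(profile, events):
    """Mean absolute z-score over digraphs present in both; None if no overlap."""
    zs = [abs(lat - profile[dg][0]) / profile[dg][1]
          for dg, lats in digraph_latencies(events).items() if dg in profile
          for lat in lats]
    return mean(zs) if zs else None

def verify(baselines, events, threshold=2.0):
    """baselines: {condition: profile}. Accept if the closest baseline is within threshold."""
    scores = {c: score(p, events) for c, p in baselines.items()}
    valid = {c: s for c, s in scores.items() if s is not None}
    if not valid:
        return False, None  # nothing comparable: fail closed
    best = min(valid, key=valid.get)
    return valid[best] <= threshold, best

def typed(text, gaps):
    """Constructed helper: turn per-key gaps (ms) into timestamped key events."""
    t, events = 0, []
    for ch, gap in zip(text, [0] + gaps):
        t += gap
        events.append((ch, t))
    return events

# Constructed sample data: one user typing "secure" two-handed and one-handed.
TWO = [typed("secure", g) for g in ([110, 95, 140, 120, 100], [115, 90, 150, 125, 95], [105, 100, 135, 118, 105])]
ONE = [typed("secure", g) for g in ([260, 240, 330, 300, 250], [270, 235, 345, 290, 260], [255, 250, 320, 310, 245])]
BASELINES = {"two_handed": enroll(TWO), "one_handed": enroll(ONE)}
OWNER_ONE_HANDED = typed("secure", [265, 245, 335, 295, 255])
OTHER_PERSON = typed("secure", [180, 60, 90, 210, 170])
```

With only the two-handed baseline enrolled, `verify` rejects the owner's one-handed sample, which is the lock-out case raised in the thread; raising `threshold` to 7.0 makes it accept `OTHER_PERSON`, which is the opposite failure.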

removing retinas

by jdclyde In reply to No perfect solution

They have the ability now for retina and fingerprints to tell if the person is dead or not, just for that reason. Fingerprints? Just take the finger or hand. Doesn't work.

Imagine the joyful people that designed that?

The best I have heard of is where they use a camera and the computer does calculations based on your face and an image stored in the database. In use by the feds now, and I think they even use this in casinos to identify cheats.

Biometrics

by Neil Higgins In reply to removing retinas

Read this CNN story on biometric security:

http://www.cnn.com/2005/TECH/08/29/transforming.biometrics.ap/index.html

*Thanks to jd and DC for pointing me in this direction :)

No perfect solution

by Andrew06 In reply to Biometrics

I also feel that the solution of using biometric devices such as keyboards and mice will always be susceptible to things like plastic tape and laminate material. I think that blood samples and DNA would still be hackable but would be extremely HARD.
