General discussion

  • Creator
    Topic
  • #2189759

    Password dummy

    Locked

    by neil higgins ·

    Apparently, most people forget their passwords at some stage. Others write them down, and then forget them. The consequences are obvious. Where I work, you have a personal PIN code to access the “system”. If passwords, or Mission Impossible tactics, aren’t the answer to security, what is?
    Below is a link to a zdnet article on passwords:

    http://news.zdnet.com/2100-1009_22-5865013.html

All Comments

  • Author
    Replies
    • #3059769

      interesting..

      by jaqui ·

      In reply to Password dummy

      but why not go that extra step and monitor keystroke style?
      then, if someone else is using the system you have a third defense that kills anything the user is trying to do, hopefully while alerting the admin so they can be caught and charged.

      the software to monitor keystroke patterns has been around for a long time, and is an unbeatable defense, as every person has a different pattern to how they use the keyboard. the software can be set up to compare pattern to every legal user of the systems, and take appropriate action if it’s another employee using the workstation, or if it’s someone completely unauthorised.

    • #3059739

      A few ideas about this

      by jdclyde ·

      In reply to Password dummy

      First, if you have taken even a basic admin or security class you have learned all the problems with passwords. People write them down. People pick their pets or kids or something. People give them out. They can be cracked.

      But who do we hear this from the most? The people that want to SELL the latest, greatest, wizbang that will save us all. Tokens, biometrics, all sound like good products but is the data to support the costs unbiased or does it have a vested interest in you going with a system like this?

      I have heard so many people that have a solution to sell me, and each one is better than the rest. I know this, because they told me so.

      • #3059722

        true.

        by jaqui ·

        In reply to A few ideas about this

        at least my solution as suggested isn’t new tech, it’s implementing what’s been available for years.

        • #3059705

          How would it handle

          by jdclyde ·

          In reply to true.

          when I am doing something else at the same time and type one handed so I don’t have to put something else down? Like food or phone (or porn?) ;\

          Not up on the keystroke patterns.

          This would be like the voice recognition software that didn’t work if you had a cold?

        • #3059663

          well,

          by jaqui ·

          In reply to How would it handle

          you could actually increase the db size for it and have people use the keyboard under different conditions so there is a baseline for most situations.

          the idea behind it is that everyone will have some keys they are slower in hitting, faster on some, harder on others…
          even one handed this basic pattern is still there.

          I remember when I was learning computers back in 81-82, typing one handed at 45 words per minute.. programming in r/t in hex. 🙂
          can you guess which keys I am fast at hitting? ~L~
          I know that no one solution is perfect, but this one has the potential to keep intrusions down much more than the password model does.

          the biggest drawback is that it must be running on every client to work.
          ( network access denied if it’s not running will keep a lot of hack attempts from getting through even if they have broken the other safeguards. )

        • #3059640

          Special keyboard?

          by jdclyde ·

          In reply to well,

          you mentioned hitting some keys harder. Is this a special keyboard?

          I thought you were just talking about software running on the pc.

          Guess I will have to get off my a$$ and read up on this.

        • #3059662

          No perfect solution

          by dc guy ·

          In reply to How would it handle

          Security is always a balance between false positives and false negatives. You have to err on the side of locking out an authorized user for obvious reasons.

          With typing cadence people will soon learn to sit down and type normally, especially after you tell them that and they still try it one-handed, standing up, in the dark, drinking coffee, with the cat trying to get their attention.

          Password programs are becoming more draconian; they already require a mix of upper case, lower case, and numerals. It won’t be long before they have to be of the form A9#9#A. Then of course we’ll all forget them, especially since they force us to change them every 90 days.

          Passwords just can’t provide the security we need without overwhelming the security staff with requests for new passwords, a situation which creates quite a risk exposure of its own.

          I predict that biometrics will replace them. Voice prints have the problem you already identified. Your retinas can be removed and stolen if this is a James Bond scenario. Personally I think typing cadence is probably the best way to go.
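
Added example, not part of any post in this thread and not any product's algorithm: a small sketch of the typing-cadence check discussed above, showing why enrollment under several conditions matters and how the acceptance threshold trades false rejections against false acceptances. All timings are constructed sample data, and the function names, the 5 ms floor and the thresholds are assumptions.

```python
from statistics import mean, stdev

def enroll(samples):
    """Build {key_pair: (mean_ms, stdev_ms)} from several typing samples
    of the same phrase, ideally taken under different conditions."""
    profile = {}
    for pair in samples[0]:
        values = [s[pair] for s in samples]
        # Floor the spread so a very consistent typist is not locked out
        # over a few milliseconds of jitter (5 ms is an assumed value).
        profile[pair] = (mean(values), max(stdev(values), 5.0))
    return profile

def score(profile, attempt):
    """Mean absolute z-score of the attempt; lower means closer match."""
    return mean(abs(attempt[p] - m) / sd for p, (m, sd) in profile.items())

def verify(profile, attempt, threshold):
    """Accept when the attempt is within `threshold` of the baseline.
    A lower threshold locks out more legitimate users (false rejects);
    a higher one lets more impostors through (false accepts)."""
    return score(profile, attempt) <= threshold

# Constructed data: milliseconds between consecutive keys typing "pass".
ENROLLMENT = [
    {"p-a": 110, "a-s": 95, "s-s": 140},   # two-handed
    {"p-a": 120, "a-s": 90, "s-s": 150},   # two-handed, later session
    {"p-a": 150, "a-s": 130, "s-s": 170},  # one-handed
]
PROFILE = enroll(ENROLLMENT)
OWNER_ONE_HANDED = {"p-a": 160, "a-s": 135, "s-s": 180}
OTHER_USER = {"p-a": 70, "a-s": 160, "s-s": 90}

if __name__ == "__main__":
    for name, attempt in [("owner", OWNER_ONE_HANDED), ("other", OTHER_USER)]:
        for threshold in (1.0, 2.0, 3.5):
            print(name, threshold, verify(PROFILE, attempt, threshold))
    # Same owner, but enrolled only from the two-handed samples.
    narrow = enroll(ENROLLMENT[:2])
    print("narrow baseline:", verify(narrow, OWNER_ONE_HANDED, 2.0))
```

With this data a threshold of 2.0 separates the two typists, 1.0 locks the owner out, 3.5 admits the other user, and a baseline built only from two-handed samples rejects the owner typing one-handed.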

        • #3059635

          removing retinas

          by jdclyde ·

          In reply to No perfect solution

          They have the ability now for retina and fingerprints to tell if the person is dead or not, just for that reason. Fingerprints? Just take the finger or hand. Doesn’t work.

          Imagine the joyful people that designed that?

          The best I have heard of is where they use a camera and the computer does calculations based on your face and an image stored in the database. In use by the feds now, and I think they even use this in casinos to identify cheats.

        • #3059629

          Biometrics

          by neil higgins ·

          In reply to removing retinas

          Read this CNN story on biometric security:

          http://www.cnn.com/2005/TECH/08/29/transforming.biometrics.ap/index.html

          *Thanks to jd and DC for pointing me in this direction 🙂

        • #3059544

          No perfect solution

          by andrew06 ·

          In reply to Biometrics

          I also feel that the solution of using biometric devices such as keyboards and mice will always be susceptible to things like plastic tape and laminate material. I think that blood samples and DNA would still be hackable but would be extremely HARD.

    • #3134357

      use an encrypted list on a PDA

      by techmail2 ·

      In reply to Password dummy

      I wrote my own “password keeper” for my Palm. There are a number of commercial/shareware versions, but none matched the way I work. My program is currently at version 5 and hasn’t had any changes in a year – so it’s apparently what I wanted 😉
      If you have a Palm, you can download a copy here: http://www.jecarter.com/passbank/files/passbank.prc

      John
