Password hardening is any one of a variety of measures taken to make it more difficult for an intruder to circumvent the
authentication process. Password hardening may take the form of multifactor authentication, by adding some component to
the username/password combination, or may be policy-based.
Here are a few variations on password hardening:
- Biopasswords utilizes Flash plug-ins to measure keystroke dynamics, such as a user's typing speed and how long the keys are held down. This procedure generates a distinctive biometric value that is very difficult to counterfeit.
- A company called Bharosa (since acquired by Oracle) developed a method of password hardening that presents the user with a new image of a scrambled keyboard for each login. The user clicks password characters with the mouse. This method protects users against malicious keyloggers.
- Policy-based password hardening typically involves practices such as enforcing strong passwords and requiring users to change their passwords frequently.
Password hardening is often said to be one of the most neglected -- and most important -- components of securing the enterprise.
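The keystroke-dynamics measurement described in the first list item, as an added example (not the vendor's code or algorithm, which this page does not describe): it derives hold (dwell) and between-key (flight) times from key events and compares a login attempt with an enrolled profile. The event shape, the scaled Manhattan distance metric, the threshold of 3 and all timings are assumptions constructed for illustration.

```javascript
// Added example; the event shape {key, type, t} (t in ms), the distance metric
// and the threshold are assumptions, not any vendor's algorithm.
// Dwell = how long a key is held; flight = release of one key to press of next.
function extractFeatures(events) {
  const open = new Map(); // key -> index of its unreleased press
  const presses = [];
  for (const e of [...events].sort((a, b) => a.t - b.t)) {
    if (e.type === 'down' && !open.has(e.key)) { // skip auto-repeat downs
      open.set(e.key, presses.push({ down: e.t, up: null }) - 1);
    } else if (e.type === 'up' && open.has(e.key)) {
      presses[open.get(e.key)].up = e.t;
      open.delete(e.key);
    }
  }
  if (presses.some(p => p.up === null)) throw new Error('key never released');
  const dwell = presses.map(p => p.up - p.down);
  // Flight is negative when the next key is pressed before the previous release.
  const flight = presses.slice(1).map((p, i) => p.down - presses[i].up);
  return [...dwell, ...flight];
}

// Profile = per-feature mean and mean absolute deviation over enrollment samples.
function enroll(samples) {
  const avg = f => samples.reduce((a, s) => a + f(s), 0) / samples.length;
  const mean = samples[0].map((_, i) => avg(s => s[i]));
  const dev = mean.map((m, i) => Math.max(1, avg(s => Math.abs(s[i] - m))));
  return { mean, dev };
}

// Scaled Manhattan distance averaged per feature; lower = closer typing rhythm.
function score(profile, f) {
  if (f.length !== profile.mean.length) return Infinity;
  return f.reduce((a, x, i) => a + Math.abs(x - profile.mean[i]) / profile.dev[i], 0) / f.length;
}

// Constructed sample input: key events synthesized from hold and gap timings.
function synthEvents(text, holds, gaps) {
  let t = 0;
  return [...text].flatMap((key, i) => {
    const down = t, up = t + holds[i];
    t = up + (gaps[i] ?? 0);
    return [{ key, type: 'down', t: down }, { key, type: 'up', t: up }];
  });
}
const profile = enroll([ // three constructed typings of 's3cr': [holds, gaps]
  [[90, 110, 80, 100], [120, 60, 150]],
  [[95, 105, 85, 95], [125, 65, 145]],
  [[85, 115, 75, 105], [115, 55, 155]],
].map(([h, g]) => extractFeatures(synthEvents('s3cr', h, g))));
const accepts = (ev, limit = 3) => score(profile, extractFeatures(ev)) <= limit;
```

`accepts(events)` returns true when the attempt's typing rhythm falls within the threshold of the enrolled profile; the password itself is still checked separately.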
23 Jun 2008