|
Safe Mode: Danger Zone
While strong authentication seems failsafe, nearly all of these systems may be bypassed entirely or critically hindered by using a computer's "safe mode."
If an attacker can gain access to the desktop and run a disk editor of any type, he can search for user names and passwords that are commonly left by the authentication software in the paging or temp files of Microsoft Windows. Once he has the user name and password, he can log in as the user with whatever multifactor authentication system is deployed. Unfortunately, users often store their tokens or other authentication devices with their computer, making it easy for an intruder to gain access.
Additionally, the vendor-supplied software of a strong authentication solution must work seamlessly with your network client software. This is easy using Microsoft, but it has the greatest page file leaks. Novell, Sun Microsystems and others are not supported as well by security vendors, but tend to be more secure because they use different network authentication mechanisms.
The Time is Now
Without a doubt, strong authentication can be expensive, depending on the chosen technology. But losing 20 percent or more of your share value due to a loss of consumer confidence when an executive's laptop is stolen and thousands of private data records are exposed is even more costly.
Authentication technology has improved greatly over the past two years and will continue to do so. The associated software continues to be a source of failure, though it is also improving. The total cost of ownership due to administrative costs is still too high, but is dropping.
The regulations are in place, and it is time to provide our businesses and clients with a stronger sense of security via better authentication.
|
