Articles

 Beyond If Solutions


Passwords and the Human Factor by Terrence F. Doheny, President of Beyond If Solutions

An Application of Biometric Technology: Fingerprint Recognition by Ravi Das, President of HTG Advance Systems.

Open Sesame - Password Security by Terrence F. Doheny, President of Beyond If™ Solutions.

Biometrics and “Return On Investment” by Terrence F. Doheny, President, Beyond If Solutions

Passwords and the Human Factor

Passwords have a strange dual nature. The stronger and safer the password, the more likely it will be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. People who use such passwords tend to write them down, store them on a handheld device, and so on, thus destroying the integrity of the password.

The integrity of passwords can be circumvented through “Social Engineering.” People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password shared with a forgetful employee can compromise an entire system. In more ominous cases, a con artist or hacker can phone a naïve employee and pose as a senior executive or help desk employee to obtain that person's password. People have also been duped by callers who claim an emergency, cajole, or even threaten the employee's job if a password is not supplied.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with periodic reviews of the company policy. There can also be frequent reminders such as banners or other notices regarding password security that appear during logons.

Management must not only support security measures but also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T., human resources, and legal departments. Written policies should be a part of the employee’s introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document, indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company’s liability in many legal actions. To work, a policy must have “teeth”. There should be a range of consequences for lapses, whether for a single event or for multiple or flagrant incidents. These can range from a verbal warning to termination or even notification of law enforcement.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written, enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

Article written by:
Terrence F. Doheny
President
Beyond If Solutions, LLC
www.beyondifsolutions.com
terry@beyondifsolutions.com


  An Application of Biometric Technology: Fingerprint Recognition - The Science Behind Fingerprint Recognition

The first step in fingerprint recognition is known as "image acquisition". In this part of the process, a user places his or her finger on a platen (also referred to as a scanner), which is located on the top of most fingerprint recognition devices. Numerous images of the fingerprint are then captured. It should be noted that during this stage, the goal is to capture images of the center of the fingerprint, which contains many of the unique features. All of the captured images are then converted into black and white images.

The second step in fingerprint recognition is the location and determination of unique characteristics of the processed fingerprint image. The fingerprint is composed of various "ridges" and "valleys" which form the basis for the loops, arches, and swirls that you can easily see on your fingertip. The ridges and valleys contain different kinds of breaks and discontinuities. These are called "minutiae", and it is from these "minutiae" that the unique features are located and determined. There are two types of "minutiae": (1) Ridge endings (the location where the ridge actually ends); and (2) Bifurcations (the location where a single ridge becomes two ridges).

The third step in fingerprint recognition is that of template creation, based upon the unique features found in the "minutiae". The location, position, as well as the type and quality of the "minutiae" are factors taken into consideration in the template creation stage. Unlike iris recognition technology in which there is only one primary vendor (and thus only one set of algorithms), fingerprint recognition technology consists of many vendors (and thus, many more algorithms). As a result, each type of fingerprint recognition technology has its own set of algorithms for template creation and matching.

The fourth and final step of fingerprint recognition is template matching. This is where the system will either attempt to verify or identify you, by comparing the enrollment template against the verification template.
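The template creation and matching steps described above, as an added example that is not code from the article or from any vendor: a simplified matcher that pairs minutiae by type and location. The `Minutia` fields, the quality cut-off, the distance tolerance, the 0.6 threshold and the sample coordinates are all assumptions made for illustration, and the two templates are assumed to be already aligned.

```python
import math
from typing import NamedTuple

class Minutia(NamedTuple):
    x: int          # column in the black and white image
    y: int          # row in the black and white image
    kind: str       # "ending" or "bifurcation"
    quality: float  # 0.0 (poor) to 1.0 (clear); assumed scale

def create_template(minutiae, min_quality=0.5):
    """Step 3: keep only minutiae clear enough to be trusted."""
    return [m for m in minutiae if m.quality >= min_quality]

def match_score(enrolled, probe, dist_tol=10.0):
    """Step 4: pair each probe minutia with the nearest unused enrolled
    minutia of the same type; return the fraction that paired."""
    used, paired = set(), 0
    for p in probe:
        best, best_d = None, dist_tol
        for i, e in enumerate(enrolled):
            if i in used or e.kind != p.kind:
                continue
            d = math.hypot(e.x - p.x, e.y - p.y)
            if d <= best_d:
                best, best_d = i, d
        if best is not None:
            used.add(best)
            paired += 1
    return paired / max(len(enrolled), len(probe), 1)

def verify(enrolled, probe, threshold=0.6):
    """Accept the claimed identity only if enough minutiae agree."""
    return match_score(enrolled, probe) >= threshold

# Constructed sample data (not real fingerprints).
ENROLLED = create_template([
    Minutia(30, 40, "ending", 0.9), Minutia(55, 42, "bifurcation", 0.8),
    Minutia(70, 90, "ending", 0.95), Minutia(20, 110, "bifurcation", 0.7),
    Minutia(95, 60, "ending", 0.3)])      # too smudged, dropped
SAME_FINGER = create_template([
    Minutia(32, 41, "ending", 0.9), Minutia(54, 45, "bifurcation", 0.85),
    Minutia(73, 88, "ending", 0.9), Minutia(60, 120, "ending", 0.8)])
OTHER_FINGER = create_template([
    Minutia(10, 15, "bifurcation", 0.9), Minutia(58, 40, "ending", 0.9),
    Minutia(72, 93, "ending", 0.8), Minutia(100, 100, "bifurcation", 0.9)])

if __name__ == "__main__":
    print(match_score(ENROLLED, SAME_FINGER), verify(ENROLLED, SAME_FINGER))
    print(match_score(ENROLLED, OTHER_FINGER), verify(ENROLLED, OTHER_FINGER))
```

The threshold is the security control here: lowering it reduces false rejections of the enrolled user and raises the chance that a different finger is accepted.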

There are three main technologies available today for the capture of fingerprint images:

(1) Optical technology: this is the oldest and most popular form used for image capture. Essentially, a camera (located in the fingerprint recognition device) takes raw images of the fingerprint.

(2) Silicon technology: a silicon chip is used, and the capacitive characteristics of the fingerprint are captured into images.

(3) Ultrasound technology: basically, an ultrasound image of the fingerprint is captured. This technology has been proven to work better than the other two, because it can penetrate through different types of fingerprint dirt and residue.

About the Author:
Ravi Das is the President of HTG Advance Systems, which is the security solutions division of HTG Solutions, based in Chicago, IL.

 Open Sesame - Password Security

“Open Sesame!” is probably the most famous password in literature. It gave Ali Baba access to vast treasure.  In the realm of technology, computer passwords also give access to valuable treasures: precious business and personal data.

Information about your personal life, buying habits, credit quality and life style is valuable to those who can profit from it.  For the Corporation, information has even greater worth.  It is not the “Bricks and Mortar” but the intangibles such as intellectual property, client lists, market strategies, pricing and compensation that account for over half the value of the modern enterprise.

All of this personal and business data most likely resides on a database somewhere and is available with a password.  In fact, passwords are the most common means of entry in any system. They are also acknowledged as the most vulnerable points for security. “Weak” or compromised passwords are the easiest way for hackers to gain entry into a system. Simple or short passwords can be easily discovered through “brute force” or “dictionary” attacks which concentrate intense computer power to crack a password. A two letter password, for example, has only 676 combinations. A password with eight letters offers more safety with 208,000,000 combinations.

Ideally, a password should consist of 8 or more characters. It should also contain a mixture of upper and lower case letters, symbols and numbers. “A$d3B5i9X” would be an example. Microsoft security has encouraged the concept of the “Pass Phrase” as an alternative. A phrase such as “TheLastGoodBookUBoughtCost$25!” has all of the needed elements and is also easy to remember.
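The search-space arithmetic and the composition guidance from the two paragraphs above, as an added example that is not part of the original article: a check a system could run when a password is set. The function names and the small wordlist are assumptions made for illustration; a real deployment would load a full dictionary file.

```python
import math
import string

# Constructed mini wordlist standing in for a real dictionary file.
COMMON_WORDS = {"password", "opensesame", "letmein", "welcome"}

CLASSES = {
    "lower case letter": string.ascii_lowercase,  # 26 characters
    "upper case letter": string.ascii_uppercase,  # 26 characters
    "number": string.digits,                      # 10 characters
    "symbol": string.punctuation,                 # 32 characters
}

def pool_size(pw):
    """Alphabet an exhaustive (brute force) search has to cover."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in pw))

def combinations(pw):
    """Brute-force search space: pool size raised to the length."""
    return pool_size(pw) ** len(pw)

def search_bits(pw):
    """The same search space expressed in bits."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def check(pw):
    """Return the reasons pw falls short of the article's guidance."""
    problems = []
    if len(pw) < 8:
        problems.append("fewer than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    # Dictionary attacks try words with digits or symbols tacked on.
    core = pw.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        problems.append("based on a dictionary word")
    return problems

if __name__ == "__main__":
    for pw in ("ab", "Password1", "A$d3B5i9X",
               "TheLastGoodBookUBoughtCost$25!"):
        print(pw, round(search_bits(pw), 1), check(pw))
```

The pool-to-the-length figure is an upper bound on the attacker's work; a password built from dictionary words falls much sooner, which is why the wordlist check is kept separate from the composition checks.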

The human factor or social engineering contributes to password compromises. It is estimated that employees share their password eight times a year. Passwords can also be cajoled from untrained or naïve workers. The standard rule is NEVER share a password. Remember the cliché of the “Six Degrees of Separation.” You cannot know who will eventually end up with your password and own it.

To cope with these issues, many leading edge firms are adopting an in-depth defense strategy utilizing three elements to better safeguard their information.

The three layers of authentication consist of:

What you know...
    A strong password or pass phrase
What you have...
    A Crypto-key, smart card or token
Who you are...
    A biometric aspect such as fingerprint, hand, or retinal recognition

Usage of these three defensive measures will increase dramatically in the future as people seek to thwart ever-increasing threats to their private and personal information. Many companies will be mandating them as a significant part of their security best-practices to safeguard an extremely valuable asset: their treasured data.

Article written by:
Terrence F. Doheny
President
Beyond If Solutions, LLC.
www.beyondifsolutions.com
terry@beyondifsolutions.com 


Website Updated  02/11/08


The Beyond If™ trademark is the property of Beyond If™ Corporation   ©2008 Beyond If™ Solutions, LLC  All Rights Reserved
