New Approach to Keep Passwords Safe
2012 was a big year for large-scale password hacking. Multiple horror stories hit the news in rapid succession, finally culminating in 6.5 million LinkedIn passwords being stolen and publicly released. Whether it's business laptops containing master password files being forgotten in cafes or highly sophisticated cyber-attacks perpetrated by well-funded crime organisations and even foreign governments, it seems no password is safe.
Enter RSA, one of the original pioneers in software encryption, and their new scheme to keep you and your clients safe. The setup is technically called threshold cryptography, and while it has been quietly making the rounds in research papers and high-level cryptography lectures, this is the first commercial implementation. RSA, however, calls their system "distributed credential protection", and it's clear why.
The system is deceptively simple, and addresses a fundamental problem with standard password storage. The problem is that in order for password verification to work, encrypted copies of the password need to be stored in a central location. This storage bank is vulnerable to traditional attacks, and once it has been compromised, the entire cache of passwords can be decrypted and used. Since most people reuse their passwords across multiple accounts, this can create a massive opportunity for fraud, identity theft, and worse.
RSA's Distributed Credential Protection circumvents this security hole by simply breaking up the passwords and storing the pieces in separate locations. While it sounds like simple common sense, it is actually a rather difficult cryptographic feat, since in order to avoid a single point of attack, the pieces can't even be brought together to verify credentials.
So what is the advantage of having the pieces stored in different locations? Besides the obvious, two computers are more difficult and take more time to hack than one. The scheme allows system admins to store the pieces on a variety of machines running a variety of software. One half can be on a Linux-based server, for instance, while the other half can be on a Windows machine. Since different operating system and software configurations have different security concerns and available exploits, the odds of criminals being able to access both parts of the password are greatly reduced.
Of course, no password protection scheme is perfect, and the weak point is always the end user, so as always we urge all of our readers to:
- Use passwords composed of at least 8 characters, alternating upper case, lower case, numbers, and symbols
- Don't reuse your password across multiple sites
- Change your passwords regularly
About the Author
Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience
having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT
Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.