Delfigo Security - Strong Authentication


Browser Based Password Management

Chapin Information Services recently tested password management features in web browsers. The conclusion seems to be that none were very good, as the results table is littered with "failed" tests.

First-factor security, in the form of passwords, continues to be a threat worldwide (e.g. phishing, man in the middle, simple used passwords and a host of other vulnerabilities). CIS's results show that there is little reason to rely on the locked-down browser to provide a competent level of security. This is further evidence of a market need for a second factor and beyond. The issue is: can you provide an extra layer of security without being intrusive, and deliver it at low cost?

Thinking out loud, what if a user could rely upon their keyboard biometric to validate them like PGP once did for the distribution of their public key? It would be great to be able to save a bio-key and upload it to a site. Provide a means to enable each user to prove ownership of their bio-key and have a 48 hr delay with safeguards in place to ensure the bio-key is legitimate. That way, when the user revisits Amazon or eBay, for example, they could type in their password and be validated.


Will Downturn in Business Lead To Cost Avoidance And More Account Sharing?

Many large organizations commonly share accounts (i.e. multiple users share account passwords, or tokens/PINs that generate passwords, in order to avoid having to purchase additional user licenses). This has grown with the new shift toward the SaaS model.

As the recession grows, will the need for cost reduction lead to additional account sharing? In many companies the budget cycles are yearly. Given that we are now starting a new year, recessionary pressures will lead many organizations to either cut frivolous access to online tools and systems or dramatically cut the number of licenses in use. Are SaaS operations prepared to detect how patterns of access have changed to detect fraud?

