Password policies still too lax in most large companies

January 17, 2011

According to a new Symantec study, on average, more than 66 percent of large North American organizations still have not implemented two-factor password authentication policies for the partners and contractors that access their corporate networks.

The report, which polled 306 large enterprises, was conducted by Forrester Research on behalf of Symantec. The respondents included companies from both Canada and the United States, with all of the companies employing at least a thousand people, and 30 percent of the organizations comprising more than 5,000 people.

In addition to the lack of strong password authentication for business partners, distributors and contract workers, Symantec found that about 87.2 percent of companies expected their users to remember two or more passwords to access corporate resources.

"More than 64.7 percent of companies had at least six different password policies in place," said Atri Chatterjee, vice-president of user authentication at Symantec. He added that up to half of all IT help desk calls deal with password reset issues.

With more enterprise employees using their own devices to log into the corporate network, Symantec said the importance of access security has reached par with other areas such as firewall and network security. Most companies are dealing with this critical issue, Chatterjee said, by creating large and cumbersome password policies, which isn't always the best solution, he added.

Symantec said the move to two-factor authentication technologies, which force employees to use a password in conjunction with a software or hardware token, is the most effective way to provide strong access control.

But while two-factor authentication is being used at the majority of large enterprises throughout North America, Chatterjee added that the technology is only used on a very limited basis.

“They roll it out to the finance department or senior management only,” he said, adding that large gaps in two-factor authentication deployment mean organizations are only as strong as their “weakest link.”

“Overall, the reaction has been to make password policies a lot more complex, but it has resulted in more difficulties for users, and that is when many of them start cutting corners, which is often the beginning of many security issues,” he added.

To help businesses, Symantec says it now offers two-factor authentication as a service that can run in the cloud. It also said it can roll out software tokens to all major smartphone brands as well.

Symantec’s new report comes just a few weeks after EMC Corp. released its RSA SecurID Software Token for Android, which allows users to authenticate themselves on business apps using their Android-based smartphones.

For example, when enterprise users are ready to log in to the corporate ERP system from their laptop, they can generate a one-time software token with their Android app that will give them access. The passwords only last for 60 seconds and are rolled out via RSA’s traditional Authentication Manager software.

Rachael Stockton, manager of product marketing at RSA, said this functionality was highly demanded by existing RSA customers as the growth of Android in the enterprise world continues at a rapid pace. She added that the ubiquity of the smartphone in general makes it a perfect fit to host a software authentication token.

“For the most part, people usually don’t forget their smartphones, so it lowers the support calls,” Stockton added.

Source: Symantec.
