Logging on with Hardware

(Page 2 of 2)

  • Monday, October 26, 2009
  • By Erica Naone

Other products perform device authentication without installing software. For example, Threatmetrix, based in Los Altos, CA, gives customers code that can be embedded into Web pages. When a computer loads a tagged page, the system uses Flash and JavaScript to put together information about the user's browser, operating system, and network characteristics. Threatmetrix can then check for irregularities, such as whether the machine is known to participate in a botnet, whether it's accessing the system via multiple accounts, or whether it's taking steps to obfuscate its location in the network.

But Rick Smith, an information-security consultant and expert on authentication, says it's not clear how much device-authentication schemes add to overall security. The main problem, he says, is that device authentication could be hamstrung by efforts to accommodate traveling users, or others who might legitimately use unregistered devices. "The solutions exist," Smith says. "The problem is, in every case, you have to add more mechanisms to make it work."

A specific problem with third-party systems that seek to identify devices, he adds, is that the underlying operating system and hardware on those devices provide ways for attackers to fool the system. Smith notes that some authentication systems have been designed with cryptographic authentication modules in the operating system, or in hardware. He thinks that this approach would provide stronger security, though it might still pose problems for traveling users.

Others see device authentication as a good supplement to passwords. Larry Ponemon, chairman and founder of the Ponemon Institute, says that he expects device authentication to go through "a natural process of adoption, testing, modification, and refinement," but that it "holds a great deal of promise to address an area of real concern to the consumer."


Marrach

34 Comments

  • 842 Days Ago
  • 10/26/2009

Hardware "Logins"

   This is a multi-edged tool.

   A MAJORITY of the joe-schmoe/Plain-Jane PC users now have Laptops that they use for everything. So a Hardware/Harddrive map signature would actually work more securely and with less hassle. And considering that these people engage in drive-by installs all the time, an extra bit of ID software is no biggie.

    And as a Side-effect, it could(?!?!) have a beneficial effect of cutting down on the use of Work PC's for Personal Shopping/Banking. A small boon for Network Admins.

    On the Negative side-- this could be a stumbler for DIY-er's whose machines change at a moment's notice. But this population is Small anyways.

    The Bigger Problem #1 will be: What will happen to the User if it's discovered that their Laptop IS part of a Botnet? A lot more home machines are quiet Zombies than people are willing to admit-- even if they are aware of the possibility.

    Problem # 2: How will the ID software Protect itself against Both Malicious Hacks and hyper-paranoid software firewalls and Antivirus suites? I can see the ID Software being savaged to bits, not by a Russian Botnet sweeper, but by good ole Symantec just as a matter of course. And that means that the developers would have to make code handshakes that would recognize the major consumer grade packages like McAfee, Panda, etc. And even then that little 'Handshake' could be a backdoor to be exploited by itself.

'Cause when you think about it-- a PC that has this extra level of authentication beyond the usual bewildering number of passwords is broadcasting to the wild that it has SOMETHING important enough to hide with this ID software. So this software has to stealth itself as well.

deijmaster

1 Comment

  • 835 Days Ago
  • 11/02/2009

What experts?

Who are the experts you talked to about this matter, because a password is certainly not a great alternative with sensitive data or applications and is one of the worst security measures in place today.

I'm not saying that we should remove passwords, but I have a hard time with an "apparent" security expert who would rather rely on passwords than any kind of physical or logical token...
