Online threats driving password-management acceptance: Siber

No CSO would be unaware of users' resistance to complex and often arbitrary password-management schemes. But one password-management vendor believes the battle is not yet lost, as the slowly expanding profile of password-management tools gives enterprises large and small the ability to help employees manage a swag of complex online passwords.

Although password-management tools have been around for many years, their relatively small user base has generally been limited to security-savvy individuals and businesses ready to take advantage of high-end password management tools. However, given the growing incidence of high-profile password thefts – and the introduction of mass-market, cross-device password management tools like Apple's iCloud Keychain – the profile of this category of tool is growing steadily.

“Right now the market is still at a fairly immature level,” Bill Carey, vice president of marketing and business development with password-management vendor Siber Systems, recently told CSO Australia. “People are still discovering password managers, although we're definitely seeing it adopted at the corporate and government levels.”

“Enterprises have similar problems as individual consumers have, just on a grander scale,” Carey added. “They're trying to protect all their data with strong passwords, and trying to make their employees remember strong passwords. Password-management tools can be deployed from a centralised location, with a lot of bells and whistles that allow it to be centrally managed as well.”

Using centralised password management, security administrators can send time-limited credentials for users to log into certain services, or even mask the entire password process behind the interface of tools such as Siber's RoboForm.

“You can have employees clicking on bookmarks but they would never see the actual password for what they're logging into,” Carey explained. “That helps with management when you have to move employees: once you take away RoboForm, the employee never even knows what their password was.”

Such control is becoming increasingly important as enterprises face a growing risk from the systematic theft of what is often millions of passwords. Such attacks have changed the security landscape in recent years, with organisations like Scribd recently warning customers that their passwords were vulnerable and analyses of nearly 2 million stolen passwords confirming that users are still happy to protect their access to key business systems using old-standby passwords that are easily guessed in dictionary attacks.

This puts users at great risk of compromise if they don't become more rigorous in their use of password-management tools: Verizon regional vice president John Karabin, for one, recently told CSO Australia that greater use of such tools was “inevitable” as the breach toll continued to climb.

Given the significant number of Internet users who have yet to embrace password-management tools, the industry is still in a land-grab state, Carey said, with vendors like Apple, Google and others working to enhance their environments with password-management features that flow seamlessly between desktop and mobile devices.

Such tools, however, tend to be locked into their respective operating-system platforms – creating opportunities for independent, multi-platform third-party developers, as well as the potential for vendors to eventually collaborate on cross-compatibility.

Another key direction for the tools will be the integration of fingerprint-scanning capabilities, allowing the password managers to become repositories for two-factor authentication information.

“Ultimately there are going to be one or two big players that will own the market, and there will be an opportunity to consolidate and have some of the bigger players work together,” Carey said.

“It would be great to work together to make some of these tools interoperable. After all, the whole idea behind all of this stuff is to make everyone's lives easier.”

Stories by David Braue
