Corporate Partners

Online threats driving password-management acceptance: Siber

No CSO would be unaware of users' resistance to complex and often arbitrary password-management schemes, but one password-management vendor believes the battle is not yet lost as the slowly-expanding profile of password-management tools gives enterprises large and small the ability to help employees manage a swag of complex online passwords.

Although password-management tools have been around for many years, their relatively small user base has generally been limited to security-savvy individuals and businesses ready to take advantage of high-end password management tools. However, given the growing incidence of high-profile password thefts – and the introduction of mass-market, cross-device password management tools like Apple's iCloud Keychain – the profile of this category of tool is growing steadily.

“Right now the market is still at a fairly immature level,” Bill Carey, vice president of marketing and business development with password-management vendor Siber Systems, recently told CSO Australia. “People are still discovering password managers, although we're definitely seeing it adopted at the corporate and government levels.”

“Enterprises have similar problems as individual consumers have, just on a grander scale,” Carey added. “They're trying to protect all their data with strong passwords, and trying to make their employees remember strong passwords. Password-management tools can be deployed from a centralised location, with a lot of bells and whistles that allow it to be centrally managed as well.”

Using centralised password management, security administrators can send time-limited credentials for users to log into certain services, or even to mask the entire password process behind the interface of tools such as Siber's RoboForm.

“You can have employees clicking on bookmarks but they would never see the actual password for what they're logging into,” Carey explained. “That helps with management when you have to move employees: once you take away RoboForm, the employee never even knows what their password was.”

Such control is becoming increasingly important as enterprises face a growing risk from the systematic theft of what is often millions of passwords. Such attacks have changed the security landscape in recent years, with organisations like Scribd recently warning customers that their passwords were vulnerable and analyses of nearly 2 million stolen passwords confirming that users are still happy to protect their access to key business systems using old-standby passwords that are easily guessed in dictionary attacks.

This puts users at great risk of compromise if they don't become more rigorous in their use of password-management tools: Verizon regional vice president John Karabin, for one, recently told CSO Australia that greater use of such tools was “inevitable” as the breach toll continued to climb.

Given the significant number of Internet users that have yet to embrace password-management tools, the industry is still in a land-grab state, Carey said, with vendors like Apple, Google and others working to enhance their environments with password management features that seamlessly flow between desktop and mobile devices.

Such tools, however, tend to be locked into their respective operating-system platforms – creating opportunities for independent, multi-platform third-party developers as well as creating the future potential for vendors to eventually collaborate on cross-compatibility.

Another key direction for the tools will be the integration of fingerprint-scanning capabilities, allowing the password managers to become repositories for two-factor authentication information.

“Ultimately there are going to be one or two big player that will own the market, and there will be an opportunity to consolidate and have some of the bigger players work together,” Carey said.

“It would be great to work together to make some of these tools interoperable. After all, the whole idea behind all of this stuff is to make everyone's lives easier.”

Join the CSO newsletter!

Error: Please check your email address.

Tags Siber Systemssecuritypassword managementCSOBill Carey

More about AppleBillCSOGoogleSiber SystemsVerizonVerizon

5 Comments

Sammy Hampson

1

You cannot give your username or password out too anybody as it can be easily hacked,you need to have a username and password that's easy to remember and that no one know's it? put it under private.

Petr

2

That is true. I have started using Sticky Password, which helps me with managing my passwords as well. This is very interesting and important topic to cover and repeat again since people use weak passwords.

ZIgler1

3

It does seem like more and more companies are coming out with password manager tools. I remember when I was using Roboform when it first came out and no one knew about a password manager. Now the market is extremely saturated with password manager apps.

Troy Osgood

4

Great article,

I've been using Roboform since 2004 for sweepstakes and online shopping, everything is set up with a different long, long password and saved in my Roboform. Even when Adobe got broke into I only lost one password instead of all of them. Had this been back in 1999 everything would've been names and numbers and the word password backwords.

Bruce W

5

Been using (and loving) RoboForm for a few years now, with the addition of RoboForm Everywhere in 2010 I am able to access my saved passwords from all of my computers and phone so I have begun using RoboForm to generate unique passwords for each site I visit. My web browsing has never been faster or more secure.

Comments are now closed

Market Place