We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,960 News Articles

RSA simple password-protection to stop hackers

RSA, the security division of EMC, today announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them.

Yahoo's massive data breach contains Gmail, Hotmail, Comcast user names and passwords

This year has seen a large number of password hacking exploits, including those against Yahoo, dating site eHarmony, and e-commerce site Zappos. The password-protection software, called RSA Distributed Credential Protection (DCP), was designed to make cyberattacks targeting large numbers of stored passwords more of a challenge, according to Liz Robinson, RSA senior product marketing manager.

"It scrambles, randomizes and splits passwords, credentials and PINs," she says. DCP splits password information into halves that are supposed to be stored separately, and during an authentication process, the two halves are compared. Storing split passwords separately means "we're forcing the attacker to break two locations," she points out, by eliminating a single, primary point of compromise.

RSA DCP, which costs about $150,000, will ship at year end in the form of a virtual appliance for VMware-based networks. It will work with passwords held in either unencrypted form, or passwords that have been hashed and salted through an encryption process. DCP allows for on-demand re-randomization of the DCP-scrambled and split passwords.

However, there will need to be attention paid to availability issues associated with DCP in the password authentication process since it has to rely on correct information obtained from two separate places in the network rather than one, thus potentially raising risk that a network malfunction could impact the process. Robinson acknowledged that, and said RSA is advising customers that use it to ensure DCP is working in high-availability, redundant environments.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.

Read more about wide area network in Network World's Wide Area Network section.


IDG UK Sites

Amazon 3D smartphone release date, price and spec: The hologram phone?

IDG UK Sites

You're never alone with a clone: How the App Store got taken over by copycats

IDG UK Sites

PCs vs consoles: PCs still pwn when it comes to gaming (and everything else)

IDG UK Sites

The art of rebranding: Creative agency The Neighbourhood explains how & why it rebranded