Like getting cash out of the ATM, soon logging into your desktop computer at work could require swiping a piece of hardware such as a credit card, key fob or cell phone, as well as typing in a pass code.
Separate technologies that will make logging on to networks more secure, were announced by Microsoft of Redmond, Washington, US and Sun Microsystems of Santa Clara, California at the RSA Security conference in San Francisco on Wednesday.
Microsoft says that a technology called SecurID, developed at RSA Security in Bedford Massachusetts, will be integrated with Windows by September 2004. Windows users will be able to log on to a network with a key fob and a six-digit pass code. Sun will demonstrate a similar technology for Linux users at the meeting.
It is convenient “because it relies on both something you know – a PIN and something you have, like a key chain,” says business development manager Michael Atalla of Microsoft. “It’s more than a trend. It is a requirement of today’s environment.”
Advertisement
As hackers become smarter, passwords must get more difficult to guess. This forces users to change passwords every month, or to make them longer and more nonsensical.
But this also makes them more difficult to remember, prompting people to write them down and stick them to their computers. “And once they write them down, they may as well have given them away,” Atalla told Â鶹´«Ã½.
Harder to spoof
Also, hackers are increasingly harvesting passwords on the net. For example so-called key-logging software that records the characters that are typed into a keyboard on a computer and sends them back to a virus writer were transmitted by the virus My Doom in January 2004. Hackers also steal passwords by writing programs that guess them, explains Stephen O’Grady of industry analyst firm Red Monk in Bath, Maine.
A piece of hardware not only adds a second layer of security, it is also harder to fake remotely. “Hardware is harder to spoof and harder to crack,” says O’Grady.
But O’Grady warns that there could be privacy concerns associated with greater authentication. “If you look a couple of years down the road, web sites could take advantage of knowing your identity on the desktop,” he says. “It could be that you no longer have the ability to surf the net anonymously, depending on how the technology is implemented.”
Consumer PCs
The Sun system requires that a user reveal a unique identifier to the computer network. The vision is that one day users will swipe the SIM card from their cell phone or their java-enabled credit card into a reader attached to the PC and then log in as normal with a password.
The RSA Security key fob presents less of a security risk, says Atalla, because there is no unique identifier. Rather the password that it produces changes every 60 seconds but is integrated with the computer so that it can be recognised.
Although both technologies are currently being targeted at businesses, O’Grady says they could one day migrate to consumer PCs. He points out that as people store more personal information on laptops and increasingly carry these devices around with them, they will also be more eager to secure them.
