How many passwords do you have? I know I use between 15-20 on a regular basis. Corporate IT network? Check. Frequent flyer program? Check. Email password? Ditto. On-line banking access? Check.
It’s pretty hard to stay on top of all these passwords, so what do you do? If you’re like a lot of people, you write them down on a note pad stored inside your desk drawer. And you try to use the same password for as many applications as possible. Security industry professionals recognize that these work-arounds violate basic Security 101 principles. They’re easily stolen or hacked.
The Password Problem
Get the Flash Player to see this player.
Upon realizing the security limitations of username and password, industry regulators began calling for stronger passwords. To make password less “hack”-able, my IT group asked me to change my password every 60 days. The password had to be a specific lengths (e.g., more than 12 characters) using a combination of upper and lower case letters, numbers and/or special characters.
This model may have increased the password’s security level, but it also created an entirely new headache. My associates and I forgot the obscure passwords we had created, resulting in a need for increased IT helpdesk support. In the attempt to enhance security, basic user convenience was sacrificed. Does this sound familiar?
At this point, people recognized that while security is necessary for any log-on solution, the security method only works if the end-users follow the policy. Many called for using multi-factor authentication (“something you know”, “something you have”, “something you are”). Vendors chased that market, creating one-time password solutions, contact smart card log-on, biometric log-on and other ways to secure log-on. While some would agree that these solutions addressed the need for security, they were generally seen as expensive, a burden on IT infrastructure and inconvenient for users.
A new approach to log-in security that addresses a) an acceptable level of security and b) a high level of user convenience (and therefore, user acceptance and adoption) is needed.
With HID on the Desktop™, we think we’ve found that new approach. The installed base of 300 million HID cards in use around the globe provides secure access to offices and other sites. Why not use these cards as the second factor for IT authentication? Using a combination of “something you know” and “something you have”, multi-factor authentication can be provided using the ubiquitous corporate ID badge together with a short PIN number.
People are used to presenting their corporate ID badge to a reader to get into the building. So how much of a leap is it to ask them to use it to log-in to their computer? Not much.
With HID on the Desktop, I don’t need to remember passwords anymore. I present my card, I enter my pin and I’m logged on to my PC. Its something I know. It’s something I’m familiar with. I guess I’m dating myself here, but I’ve been using this same model for 25 years to access my bank account through an ATM. And yet, I’m using multi-factor authentication, a far more secure means of IT assurance and security than just user name and password.
A simple solution for network log-in, HID on the Desktop offers user convenience. It offers improved security via multi-factor authentication. It’s simple to deploy and install, using intuitive naviGO™ software. This is the new convergent approach we’ve all been looking for.