My stance on passwords is well known – “Passwords are secure, people managing them aren’t.” Whenever I make this claim, some computer security pundits vehemently disagree with me. They bring up technologies like PKI, digital certificates, and all the advanced hardware technology, encryption algorithms and infrastructure. Their arguments are true, but why is all this advanced security technology needed? Answer: to protect the cryptographic keys.
Multifactor Authentication required by HIPAA & HITECH
Access Smart® adds multifactor authentication to McKesson’s Paragon Hospital Information System (HIS) software. Access Smart’s Power LogOn® application requires no modifications to the Paragon software so integration is fast and easy. With Power LogOn, hospitals, clinics and other health-care providers can now address their HIPAA and HITECH compliance concerns while protecting patients’ private records. “You can’t have the health-care reform act without electronic health records,” says Judy Hanover, a health-care technology industry analyst at IDC. True, but you can’t have privacy without first authenticating who is accessing your electronic health records.
Access Smart analyzed the Paragon HIS software and quickly updated Power LogOn to now auto-launch Paragon, auto fill-in the user name and password fields, and auto shutdown Paragon when the smart card is removed. Furthermore, Power LogOn ties into Active Directory so virtually any computer, network, internet site, cloud and application that requires a user name and password can easily be secured by the same smartcard. Power LogOn can also be added to RFID access control cards for a single card solution.
A Hewlett-Packard white paper, “HP ProtectTools: Authentication technologies and suitability to task”, 06/2005, does a very good job discussing the different security technologies available (Passwords, Trusted Platform Module, smartcard USB token, biometric fingerprints and virtual tokens) to authenticate a user to a computer or network. I was particularly drawn to the concluding chart (see below) where it compares the “Level of Security” vs. “Administration Complexity”.
Microsoft has an online report on creating and managing password security (see below). The suggestions would be funny if password security and cyber-crimes weren’t so serious and destructive to both individuals and businesses. What is also amusing is that Microsoft employees use smartcards to log into their computers and networks. I know because back in 2000 I designed and sold them the combination physical and logical access employee badge with smartcard.
While I agree with their “Key to password strength”, what Microsoft and so many other companies fail to account for is the human element.