Cyber Access Control | MFA Enterprise Password Management | Access Smart

Archive for smart cards

Password Managers – Not all the same

Know your Password Manager

enterprise password managerLast week the cybersecurity industry was a buzz about the Boston-based company LogMeIn, Inc purchasing LastPass for $125M. In the different news articles some interesting facts were quoted:

  1.  Only 10 percent of knowledge workers today use a password manager
  2.  Only 37 percent of survey participants use passwords that contain both letters and numbers
  3.  Nearly 64 percent of people who use the Internet deploy the same password for most websites
  4.  Nearly 80 percent of cloud-based services and apps have monitored, sensitive or private information
  5.  35 percent intend to adopt a password manager in the next 12 months

While these are staggering statistics, it’s the last one I want to address. That’s because not all password managers are the same. You need to understand the differences before you deploy. Read More→

You Need Password Authentication Infrastructure

Password Authentication InfrastructureEvery day I read another post, hear another news story, or have another conversation that passwords are insecure and that PKI and digital certificates must replace passwords. Comparing passwords to certificates, or PKI, is not correct because:

  1. A passwords is a single component within multifactor authentication.
  2. Certificates and PKI are a complete infrastructure made up of many different components.
  3. What keeps certificates secure is how their keys are safeguarded, generated, protected, and managed

Read More→

HITECT MultiFactor Authentication for McKesson HIS

Multifactor Authentication required by HIPPA & HITECH

Multifactor authenticationAccess Smart® adds multifactor authentication to McKesson’s Paragon Hospital Information System (HIS) software. Access Smart’s Power LogOn® application requires no modifications to the Paragon software so integration is fast and easy. With Power LogOn, hospitals, clinics and other health-care providers can now address their HIPAA and HITECH compliance concerns while protecting patient’s private records. “You can’t have the health-care reform act without electronic health records,” says Judy Hanover, a health-care technology industry analyst at IDC. True, but you can’t have privacy without first authenticating who is accessing your electronic health records.

Access Smart analyzed the Paragon HIS software and quickly updated Power LogOn to now auto-launch Paragon, auto fill-in the user name and password fields, and auto shutdown Paragon when the smart card is removed. Furthermore, Power LogOn ties into Active Directory so virtually any computer, network, internet site, cloud and application that requires a user name and password can easily be secured by the same smartcard. Power LogOn can also be added to RFID access control cards for a single card solution. Read More→

Chicken Little Warns About Network Access Authentication

Network Access Authentication

Copyright: Walt Disney Productions

USB Smart Card Readers for Network Access Authentication are Still Safe.

A number of online computer news sites are abuzz about a security team’s prototype malware that hijacks USB smart card readers. It seems that a research team out of Luxembourg has issues a “Proof-of-Concept” malware attack that can take over your USB smart card reader. While any malware notice is important and needs to be monitored, business may be wondering the severity of the attack and if they need to rip out their smart card infrastructure because their network access authentication is in jeopardy.

Here are my thoughts:

  1. This is only a proof-of-concept and not a deployed attack.
  2. Every piece of computer hardware and software are susceptible to malware.
  3. Security relies on many barriers and layers. If you’re vulnerable to one attack you probably are vulnerable to many others.
  4. If the computer is vulnerable to malware, then other more dangerous programs will more likely be installed like key loggers or the Zeus Trojan Horse. In that case there is probably no need to attack the smart card since these other programs are far more destructive.

Conclusion:

Companies don’t need to rip out all their smart card readers and replace them with the expensive keypad ones. Smart card reader companies will look into the potential malware vulnerability and make whatever driver modifications necessary. IT needs to keep an eye out for any driver updates and install them.

Finally, security has many levels and points of attacks. If you are concerned about your company’s vulnerability then contact a consultant and ask for a security assessment. We list some leading companies on our site under the partners tab.

Add MultiFactor Authentication to Paragon® Hospital Information System

multi-factor authenticationMultifactor Authentication required by HIPPA & HITECH

Access Smart® adds multifactor authentication to McKesson’s Paragon Hospital Information System (HIS) software. Access Smart’s Power LogOn® application requires no modifications to the Paragon software so integration is fast and easy. With Power LogOn, hospitals, clinics and other health-care providers can now address their HIPAA and HITECH compliance concerns while protecting patient’s private records. “You can’t have the health-care reform act without electronic health records,” says Judy Hanover, a health-care technology industry analyst at IDC. True, but you can’t have privacy without first authenticating who is accessing your electronic health records.

Access Smart analyzed the Paragon HIS software and quickly updated Power LogOn to now auto-launch Paragon, auto fill-in the user name and password fields, and auto shutdown Paragon when the smart card is removed. Furthermore, Power LogOn ties into Active Directory so virtually any computer, network, internet site, cloud and application that requires a user name and password can easily be secured by the same smartcard. Power LogOn can also be added to RFID access control cards for a single card solution. Read More→