We noticed you're blocking ads.

Keep supporting great journalism by turning off your ad blocker.

Questions about why you are seeing this? Contact us

Font Size

- Aa +

Wed 2 Dec 2009 04:00 AM

Font Size

- Aa +

Password purveyor

Are log-in codes strong enough to prevent unwanted network intruders?

Password purveyor
I truly believe that there is a lag effect and the adoption of authentication in the Middle East is behind. - Jason Hart CEO of IT at CRYPTOCard Europe.

Are log-in codes strong enough to prevent unwanted network intruders?

Try looking at things from the network end-user's point of view. They might not be too switched on to all things IT. They are likely blissfully unaware to the extent of the threats that there are on the internet and their uneducated actions can clear the way for network leaks and intrusions that will see you, the IT manager, out of the door faster than you can say end-point security provisions.

The one consistent thing that stops the internet from being a feeding frenzy for intruders waiting to get at your network is the end-user password. Each end-user has one to log onto the system and each password is alarmingly easy to crack.

"I can compromise a password in less than two minutes. The problem is that once you have compromised a password, it is invisible because the password has allowed you to go in and do what you want," claimed Jason Hart CEO of IT identification and authentication specialists CRYPTOcard Europe.

Hart, who previously has experience working with fortune 100 companies all over the world as an ethical hacker, states that there is a huge and worrying lack of understanding when it comes to just how vulnerable passwords can be, and how that lack of understanding is particularly bad in the Middle East region.

"The only concern that I have is the lag with information security in the Middle East compared to any other country that I am working in, and I pretty much spend all of my time travelling the world, and it seems that the adoption of security per se is at least two to three years - let alone authentication - further behind other countries," said Hart.

"I have spent a lot of time in the Middle East and people want to solve the problem. But it is just talk and nothing is being done about it and I find it absolutely amazing. There is no doubt that the biggest problem is the password one. What are malware, piracy and botnets all after? They are all after one thing; passwords," added Hart.

To solve the password issue organisations can look to employ solutions such as CRYPTOcard's two factor authentication solution or its managed security solutions alongside traditional security such as antivirus protection and end-point security protection.

The vendor has also developed a Software as a Service (SaaS) model for its authentication solutions that is entirely in the cloud and that Hart enthuses would rightly suit enterprises and SMBs in the Middle East region.

"Prior to joining CRYPTOcard I managed to get my hands on the global rights to put authentication in the cloud as an SaaS model. This allows us to basically take the barrier away from any organisation in the world towards having to implement manage and acquire the technical skills. It takes away the complexity and essentially we are the only two factor authentication company in the world to have our SaaS in the cloud solution," explained Hart.

"I truly believe there's a lag effect and the adoption of authentication in the Middle East is behind. If they're looking at the managed services, why don't they just go and look at the SaaS model just like all other countries are?"

CRYPTOcard's main competitor in the market is RSA, the security arm of EMC, which is a well known and strong contender that could possibly stifle CRYPTOcard's march on the Middle East authentication market. Hart however, is adamant that RSA is nowhere near as efficient and strong a proposition as CRYPTOcard is in this arena.

"RSA tokens expire after three years and the biggest cost in any identification and authentication solutions is the ability to fulfill and get the tokens to the user. It's a big problem, but with Cryptocard tokens, they never expire and so once you have a CRYPTOcard token, it never has to be replaced."

CRYPTOcard also claims that compared to the competition it is up to 60% cheaper and technically superior. Perhaps this might see it develop a stronger market here in the years to come. But it could also be led by a significant mood-shift from the IT manager's standpoint to the continual fallibility of the traditional network log-in password.

Arabian Business: why we're going behind a paywall