RSA simple password-protection to stop hackers

RSA, the security division of EMC, today announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them.


This year has seen a large number of password hacking exploits, including those against Yahoo, dating site eHarmony, and e-commerce site Zappos. The password-protection software, called RSA Distributed Credential Protection (DCP), was designed to make cyberattacks targeting large numbers of stored passwords more of a challenge, according to Liz Robinson, RSA senior product marketing manager.

"It scrambles, randomizes and splits passwords, credentials and PINs," she says. DCP splits password information into halves that are supposed to be stored separately, and during an authentication process, the two halves are compared. Storing split passwords separately means "we're forcing the attacker to break two locations," she points out, by eliminating a single, primary point of compromise.

RSA DCP, which costs about $150,000, will ship at year end in the form of a virtual appliance for VMware-based networks. It will work with passwords held either in unencrypted form or in a form that has been hashed and salted through a cryptographic process. DCP allows for on-demand re-randomization of the DCP-scrambled and split passwords.
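A minimal sketch of the split-and-re-randomize idea described above, as an added example that is not RSA's DCP code or protocol. It assumes XOR secret sharing of a salted PBKDF2 digest; the two dictionaries stand in for the two separate storage locations, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def digest(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash; this is the value that gets split.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enroll(user, password, store_a, store_b):
    salt = secrets.token_bytes(16)
    d = digest(password, salt)
    pad = secrets.token_bytes(len(d))
    store_a[user] = (salt, pad)    # share 1: pure randomness
    store_b[user] = xor(d, pad)    # share 2: digest masked by the pad

def rerandomize(user, store_a, store_b):
    # XOR the same fresh value into both shares: their combination is
    # unchanged, but a share stolen earlier no longer matches the other side.
    r = secrets.token_bytes(len(store_b[user]))
    salt, pad = store_a[user]
    store_a[user] = (salt, xor(pad, r))
    store_b[user] = xor(store_b[user], r)

def verify(user, password, store_a, store_b):
    # Simplification: this sketch recombines the shares in one process.
    # A real deployment would compare without reassembling in one place.
    salt, pad = store_a[user]
    recombined = xor(pad, store_b[user])
    return hmac.compare_digest(digest(password, salt), recombined)

if __name__ == "__main__":
    a, b = {}, {}                            # constructed sample stores
    enroll("alice", "correct horse", a, b)   # constructed sample credential
    stolen_a = dict(a)                       # snapshot of one location only
    rerandomize("alice", a, b)
    print("login after refresh:", verify("alice", "correct horse", a, b))
    print("stale share usable: ", verify("alice", "correct horse", stolen_a, b))
```

Either share alone is statistically independent of the digest, so offline guessing needs both locations captured between the same two refreshes.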

However, DCP raises availability concerns in the password authentication process: because it has to rely on correct information obtained from two separate places in the network rather than one, it potentially raises the risk that a network malfunction could impact the process. Robinson acknowledged that and said RSA is advising customers that use it to ensure DCP is working in high-availability, redundant environments.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.
