Dear Bob,
I am writing to you formally in your capacity as CEO of Metaphoronic Corporation, makers of the bioport that I had installed in my lower spinal column last year for direct neural connectivity to my Windows 2010 operating environment. It's been great, by the way: I love the way I can simply think what I want to make the system perform properly. The only problem I've had is what happens when I daydream, but let's not go there.
Today I could not sign into the Web page for the SpinalTap application that makes adjustments to the interface and could not find instructions on getting the password e-mailed to my e-mail account or on how to reset it to a temporary password and get that by e-mail, so I called your help desk to find out what to do.
The very nice agent cheerfully demonstrated that your help desk has no clue how to deal with lost passwords for SpinalTap. She:
Related Content
1) Asked me for my user ID: unacceptable because it began a phone-based process for resetting a password;
2) Asked me one of my verification questions (“What was the last name of the girl who arranged for me to step on her foot on a ski trip in 1963?”): UNACCEPTABLE because it means the authentication data are not one-way encrypted;
3) Read me my old password: UNACCEPTABLE because it means the password file is not one-way encrypted!
Normally, passwords and other authentication data are one-way encrypted: the responses to questions are encrypted and the ciphertext of the response is compared to the stored ciphertext of the correct answer; however, it is difficult (expensive, slow) in practice to regenerate the original cleartext data unambiguously from the stored ciphertext. (See my lecture on cryptography fundamentals if you like.)
Access to the authentication questions, to their answers, and to the passwords implies that the help desk agent(s) can impersonate customers at any time by logging into SpinalTap using their purloined IDs. The damage caused to your company's reputation if one of your employees were to sabotage a customer’s settings and cause serious damage – psychotic breakdown, for example, due to the impression that two-headed lizards were chewing on his left hallux – could be disastrous.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Achieving the impossible: Unlimited application scalability
BT saves more than £15 million and improves customer services with comprehensive Identity & Access Management
Simplify and Secure: Managing User Identities Throughout their Lifecycles
Australian Unity minimizes costs and maximizes productivity with single sign-on for 1,400 users
Radicati Market Quadrant 2008 on Corporate Web Security
Simplify, Integrate and Secure: Providing Secure Access to Server-based Information and Resources Across Platforms
Discover the advantages of an open architecture multi-vendor network solution
Delivering the Power of Choice with Microsoft Dynamics CRM
Zones provide focussed content from Computerworld and leading technology partners.
Security Management
Protect your critical IT assets, achieve sustainable regulatory compliance, reduce IT administration costs and enable new business opportunities with our IT security solutions.
IT Security as a business enabler?
Download Whitepaper
|
Success Stories
Australian Unity minimises costs and maximises productivity with single sign-on for 1,400 users
Australian Unity needed to address its business and security risks including user management and application security management. The company chose an enterprise single sign-on (ESSO) solution and discovered increased employee productivity, reduced help desk costs and elevated data protection.
Download the full Success Story
BT saves more than £15 million and improves customer services with comprehensive Identity & Access Management
To enable future growth and ensure its services remain competitive, BT needed to build closer relationships with its customers and suppliers. Discover how the company is now performing over 36 million transactions a day with their improved Identity & Access Management Solution.
Download the full Success Story
Identity & Access Management
Simplify and Secure: Managing User Identities Throughout their Lifecycles
Organisations are constantly challenged to keep pace with ongoing changes to users and their roles, responsibilities and requirements. Discover how CA can help you create a unified approach for managing users identities, providing them with timely and appropriate access to applications and information.
Download Whitepaper
Simplify, Integrate and Safeguard Your Business with Secure Web Business Enablement
Modern organisations are required to aggressively expand the number and type of Web applications and services provided to customers, partners and employees. Discover how to automate, delegate and centralise your key processes and services including user administration, access policies, auditing and compliance by reading on.
Download Whitepaper
Simplify, Integrate and Secure: Providing Secure Access to Server-based Information and Resources Across Platforms
Distributed servers are a powerful asset in any company’s infrastructure. Over time, most organisations have acquired a variety of different platforms and are relying on them to house an increased amount of critical applications, processes and data. Read on to discover how you can achieve a consistently higher level of server access security across multiple platforms including virtual hosts and guest operating systems.
Download Whitepaper
Buying Guides
Buying Guides
