BOSTON (05/15/2000) - Despite causing support and security headaches, passwords are still overwhelmingly the means by which users are authenticated on corporate networks. But at the Networld/Interop 2000 show in Las Vegas last week, Novell Inc. and Microsoft Corp. pushed alternative authentication methods.
Passwords that are scribbled on bits of paper or forgotten create problems for network administrators everywhere. In his Networld/Interop keynote address, Microsoft Chairman and Chief Software Architect Bill Gates called them the "weak link" in network security.
Two weeks ago, Microsoft said it would include the Biometric Application Programming Interface (BAPI), which it acquired from I/O Software Inc., in a future version of Windows. But Gates' keynote focused on smart cards, which are already supported in Windows 2000. He said smart cards will become the primary means of authentication in corporations.
Gates predicted, "Over time, every keyboard, every physical access within a corporation, will be based on having a smart card, or a smart card plus password." A smart card is a credit-card-size card that has a computer chip embedded in it.
Novell is taking a more diversified approach. The company announced the availability of a software layer that lets corporations combine multiple authentication technologies - from Novell and third parties - to implement "graded" access policies. The offering is called Novell Modular Authentication Service (NMAS) Enterprise Edition.
"User name and password is probably not going to suffice in the future," agreed Lee Roth, a LAN and security services manager at Southwest Airlines Co. in Dallas. "But whether it's going to be smart cards or biometrics, that's something that still needs to play out."
Roth is using authentication devices from ActivCard Inc. for some users. But such an approach is difficult to extend to all of his 27,000 users, most of whom are accessing the corporate network over the Internet.
"If you have to reach out and physically touch 20,000 people, that's a major obstacle," said Roth, who is going with digital certificates instead. He said he is considering using Novell's NMAS.
Smart cards solve one category of problems, said Frank Prince, an analyst at Forrester Research Inc. in Cambridge, Massachusetts, but they create new potential headaches. For example, a user who lost or forgot his card but still needed to log on to the network would have to call for assistance.
Jeff Wreyford, a project engineer at Smartmart Inc. in Memphis, said he's confident that smart cards will save him money. He's building a customer service center for a chain of drive-by, unattended convenience stores that will link customers and service representatives via videoconferencing links.
Customer service representatives will use smart cards to enter the building and log on to their Windows 2000 workstations. The cards will record how long each representative stays at his desktop. Wreyford said he believes savings will come from lower support costs and better control of payroll.
Roth said he expects no savings from rolling out digital certificates. "This is going to cost us money," he said. "But what's the price of security?"