Tuesday, April 17, 2012

Password-Based Security Risks

Passwords and their security risks are a major concern for many growing businesses today, especially those that hold or have access to sensitive information, such as police stations, courthouses, hospitals and clinics. Many of these organizations use a directory system such as eDirectory or Active Directory to manage their users’ authentication and authorization for the internal network and various databases. Each organization also maintains password policies for its users (e.g. expires every 45 days, must be 7 characters, must have one number, etc.). As the number of applications grows, so does the number of passwords, which makes them difficult to manage.

It is common for people to write down their current password somewhere, which increases the risk that it is lost or stolen and, with it, the risk to the security of the system. Brute forcing of passwords is another risk in environments that rely solely on passwords for access to their systems. Brute forcing is simply guessing the password, which has a high success rate because it’s common for people to use default passwords. Social engineering to guess passwords is also becoming a serious threat to systems protected only by user-created passwords.

The CJIS Mandate is being put into effect for federal agencies that utilize federal resources to protect sensitive information from threats like the ones listed above. Two-factor authentication requires "something you have" and "something you know" in order to access the system. This eliminates the risk of only needing a password to gain access to important databases. Most agencies are already using some sort of smart card technology to access buildings, parking garages, and specific equipment. By utilizing biometric authentication or smart card authentication, organizations can add a layer of protection limiting improper access to domain resources and environments.

Thank you for your time in reading my blog about the risks of managing an environment solely protected by passwords. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments. 

Vendors such as HID naviGO and Authasas have great software solutions to meet advanced authentication specifications. Read more about Authasas and the features it provides in "Authasas: Software for Strong Authentication". To learn more about the CJIS Mandate and HID naviGO's features, check out "CJIS Advanced Authentication Requirements and naviGO Software".
