Password Generators for Networks

Keep your data safe and your employees on guard with strong authentication

By Greg Brown

Information technology professionals grimace when you ask about security. For them, the problem is not hackers and malicious code from outside, it's the idiot users they have to let into the network every work day. Ask one: What's the most commonly selected password? Yep, it's "password."

This is serious stuff. Once inside your network, bad guys get access to all kinds of goodies, including personal identity data of your workforce, financial systems and potential valuable trade secrets. Unless you are ready to go back to paper and pencil and a steel safe, it's time to consider beefing up your security system.

Lock down your workstations with serious tech

The state of the art right now is two-factor authentication. Put simply, you need a password and a device, usually a smartcard or password generator, to get access to the corporate network. Using your ATM card and a PIN, for instance, is a kind of simple two-factor authentication.
Try: The next step up for networks is a security token, a keychain device that quickly generates passwords which must be used within a few seconds to work. Manufacturers of security tokens include Aladdin, Entrust, Actividentity, and RSA Security.

Review your mobile data on laptops and handheld devices

Everyone knows the story of the hapless government employee who left the laptop with millions of veterans' profiles on its hard drive in a taxicab. (It was recovered.) What most don't realize is that their key secrets are just as exposed.
Try: Control who has access to what on your employees' take-home computers and devices lockable memory from Safeboot and Utimaco.

Short on budget? Consider a folder or file lock device

A network-wide system is best, but small companies with limited funds should consider locking each machine individually or perhaps just key files or folders.
Try: Software to automate protection of key files is available from Deslock, Information Security Corporation, and PGP, now a big company but the original consumer encryption maker, once known as Pretty Good Privacy.

Lock the entry and exit points for total security

One of the bigger problems, until recently overlooked, isn't baddies trying to get in but the so-called "trusted path," a.k.a your own employees, who think nothing plugging keychain memory drives, digital music devices and other memory disks into their work computers as if they were at home.
Try: Besides viruses and such coming in, there's always a risk of important, even sensitive data walking out the front door on that iPod. A growing industry of endpoint security offerings includes eEye, Safend and Layton Technology.

Dumb down your machines, right away. Your tech manager should have all of your networked PCs set so that ordinary users cannot download or install anything. If not, get this squared away soon.
Don't completely freak out. Employees who hear constantly about information theft and fraud will begin to take things personally, or consider management paranoid. Make a clear data security policy, communicate it once and then enforce it consistently.
The third step in strong authentication -- biometrics devices like finger scanners and iris readers -- are increasingly common. It's probably a bit too Jetsons for now, but talk with your technology folks about when and where to consider this level of protection.