Authentication
Since the advent of the computer network, companies have faced a dilemma between providing easy access to their users and providing security against unauthorized access. Traditionally, organizations have used user names and passwords to achieve both aims. In reality, most passwords can be easily guessed or cracked, which has necessitated the introduction of passwords of increasing complexity. Whilst these measures do improve security, they decrease the ease with which users can access network applications.

As with any security measure that complicates the user experience, users find ways of avoiding it. Our security audits regularly uncover complex passwords written on Post-it notes under keyboards or on monitors, to the detriment of a stringent password policy. Users who don't record their passwords often forget them, resulting in costly calls to the helpdesk for password resets.

During penetration testing it is standard practice for us to call the helpdesk of a client's company, pretending to be a remote user who has forgotten their username and password, and request a reset. The reset then allows us to authenticate normally and go about finding and cracking the administrator password, giving us full control of the client network. If we can do it, so can a hacker.

The products we have selected are the best in class for two-factor authentication and can stop this risk. If you desire, some can be integrated to form part of an identity management strategy incorporating three-factor biometrics and smart cards.

Registered Office :- 4, City Limits, Cutbush Lane, Lower Earley, Reading. RG6 4UP - Registered Number 04269717