Weigh­ing the risks and ben­e­fits

RISKSA Magazine - - Medical -

Van de Cool­wijk be­lieves there is value in mak­ing use of pass­word man­age­ment sys­tems. “The ef­fec­tive­ness of such sys­tems is how­ever, heav­ily de­pen­dent on how it’s im­ple­mented, used and man­aged.” Depend­ing on the pass­word man­age­ment sys­tem, Van der Cool­wijk says there are a num­ber of ben­e­fits. Apart from se­cure stor­age of pass­words, defin­ing more com­plex pass­words and the abil­ity to en­force pass­word pol­icy re­quire­ments, po­ten­tial ben­e­fits also in­clude the as­sign­ment of ac­count­abil­ity. He says that pass­word man­age­ment sys­tems could be used to man­age au­then­ti­ca­tion onto ap­pli­ca­tions and servers. This is par­tic­u­larly im­por­tant for sen­si­tive shared in­for­ma­tion, such as sys­tem ad­min­is­tra­tion ac­counts. He ex­plains, “The pass­word man­ager could be used to in­ter­face and change the pass­word for the ac­count on a pe­ri­odic ba­sis and per­form au­then­ti­ca­tion onto the sys­tem for the ad­min­is­tra­tors. This means that the logs on the pass­word man­ager can be used to de­ter­mine which user au­then­ti­cated onto the server or ap­pli­ca­tion with the shared ac­count.” Boshoff, how­ever, be­lieves that the pass­word man­age­ment ap­pli­ca­tion has the abil­ity to in­crease your at­tack sur­face. “On one hand, they are use­ful when re­quir­ing some­thing like priv­i­leged user ac­cess to servers on ad­min­is­tra­tive lev­els when no pass­words are shared. On the other hand, they could give at­tack­ers the abil­ity to au­then­ti­cate on your be­half, with­out you even know­ing, like online bank­ing or pay­roll ap­pli­ca­tions.” Van de Cool­wijk says that any of the po­ten­tial risks in­volved with pass­word man­age­ment apps re­late to how they are im­ple­mented. Some of these risks in­clude the pass­word man­ager app be­ing com­pro­mised re­sult­ing in the col­lec­tion of pass­words stored within the com­pro­mised app. “Some pass­word man­agers can be con­fig­ured to au­to­mat­i­cally fill in pass­words on web­sites. This is a dif­fi­cult thing to se­cure and could re­sult in pass­words be­ing com­pro­mised by the pass­word man­ager be­ing tricked into

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.