Why it’s time for the password to die

Our weekly roundup of interesting stories online including a bug that affects the ‘things’ in the Internet of Things and a new report that details just how bad we are at managing passwords.

Share this article:

Blue Monday has come and gone — but it was new product platforms, worrying security research and interesting policy changes that topped the headlines this week.

Major bug rattles Linux community

It was a busy week for cyber-security watchers. Security researchers found a scary bug that threatens the Linux operating system. The flaw, introduced three years ago, allows attackers to inject executable code into the OS keyring, which is used to store encryption keys, authentication tokens and other security credentials. The bug could be used to get root access to local servers, break out of mobile application sandboxes and control underlying operating system functions — and to undermine embedded Linux distributions that run in millions of devices (that’s a lot of the “things” that comprise the Internet of Things in trouble, then). Google later downplayed the significance of the bug on Android phones.

Intel sharpens wooden stake for passwords

Speaking of security, two other stories this week couldn’t have been better timed. A new report came out detailing once again just how bad we are managing passwords. Password management firm SplashData published a self-serving analysis listing the most commonly used passwords, gleaned from plaintext dumps of 2 million passwords found online. The top three: 123456, password and 12345678. Just like last year. The report proves once again that it really is time the password died altogether.

And last week, Intel moved us one step closer to that reality with embedded multi-factor security on its newly announced sixth-generation Core vPro CPUs. These PC-focused chips will ship with Intel Authenticate, which stores user credentials at a low level on the chip hardware. It will store three types of credentials: biometric information, a user-provided secret such as a PIN, and proximity to the device itself, so it can sense when the user’s smartphone is nearby and use it as a signal to unlock the system.

Microsoft tightens thumbscrews on Windows support

While Intel puts new functions into its processors, Microsoft is going one step further — and choking off support for older versions of Windows altogether in new silicon. The software giant has changed its policy for operating system support by refusing to support older versions of its operating system in device drivers and firmware. This means that next-generation processors from the likes of Intel and AMD will require Windows 10 if they are to work properly — or in many cases, at all. Intel’s Kaby Lake successor to the Skylake architecture, scheduled to ship in the second half of this year, will only support Windows 10. Microsoft will support Windows 7 and 8.1 on select devices, but Skylake-compatible updates will shrink to only the most critical after July 2017.

Best of expertIP

What’s cool, futuristic and almost impossible to tell if you’re getting value from? It’s videoconferencing, according to Stefan Dubowski. The blogger wrote about the difficulty in measuring the return on investment from videoconferencing systems, based on a study from Nermetes Research. Companies have traditionally gauged ROI by checking their travel bills, he explained, but that won’t cut it anymore. They’re looking for more subtle indicators, such as employee performance. That can be a lot harder to do, which is why he said senior managers often dismiss it as a gimmick. But dismissing it altogether risks foregoing what could be a useful, productive business technology.

Image courtesy of Free Digital Photos

Share this article:
Comments are closed.