Sign up for the Security newsletter

Screensavers more secure than network passwords

And forget daily anti-virus updates, claims security firm

By Munir Kotadia on 3 October 2003 09:52

NEWS Activating a password-protected screensaver on users' desktops can provide more protection from unauthorised access than strong network login passwords, according to security firm TruSecure. The company claims organisations are wasting money on expensive security measures and procedures that can actually increase vulnerability to attackers instead of reducing it. Jay Heiser, chief analyst at TruSecure, told ZDNet UK that most unauthorised access occurs inside an organisation because users leave their desktops unattended and unprotected. "When someone sits down at a logged-in terminal they are able to rifle through that user's files and send or read their email. Screen-locking - activating a password-protected screensaver - is one of the most effective things you can do internally," he said. Heiser said that when users are given long and complicated passwords, they are more likely to write them down. "They are going to write them down on Post-it notes next to their monitor or stick them under the keyboard," he said. Research has found that companies are hit hard in the pocket when their employees forget their passwords and call the corporate helpdesk. Earlier this year, analyst group Meta calculated that each of these calls costs the company approximately $25. According to Heiser, regardless of whether passwords are complex or simple, there are lots of tools available on the web that can crack them. A better policy is to use a hardware device, such as a token or smartcard to reinforce access rights. He said: "You always know if your hardware has been stolen but you don't know if your password has been stolen." Heiser also dismissed the practice of updating anti-virus signatures every day because it is a reactive action rather than a proactive one. "There is not a huge difference in updating anti-virus signatures on a daily basis and on a monthly basis. Antivirus software is a band-aid - it isn't worth spending large amounts of time and effort optimising it because there are other ways to reduce risk for a lower cost," he said. Munir Kotadia writes for ZDNet UK

Comments

There is 1 comment. Join the discussion

  1. 1. anonymous

    Ideal solution is madeSafe Vault which is a secure online storage and backup for passwords and data. The encryption is 448 bit and if users all passwords were put in the Vault there would be no worries about post its or anyone finding it. There is whole range of products even worlds first anti-paedophile pk.

    • 23 October 2003 10:22
    • Add comment

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your silicon.com account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Get silicon.com's daily newsletter

  • Register on silicon.com

    Enter your email to register

Keep in touch with silicon.com

silicon.com newsletters