Overview
As attackers become more daring and manipulative, information systems that rely on static passwords for security are a major risk factor and are often the key reason that those systems are breached, leaving the organization and its end users open to identity and financial fraud attempts. Thieves target personal information such as static passwords and social security numbers held in organization servers, personal email and accounts to deny, steal, and/or alter proprietary or private information. As the potential financial gain from these thefts continues to increase, the more criminals are focusing on these areas.
Weak passwords and Personal Identification Numbers (PINs) are the major cause for security breaches. It is easy to deduce usernames and passwords/PINs are usually static or shared across multiple accounts, making them easy to break and giving full access to anyone who can crack them. Moreover, many users write down password(s) or PIN(s) and place them in easy-to-find places helping criminals and hackers. Through social engineering (dumpster diving), these passwords are easily discovered. Additionally, more sophisticated technical methods such as password-cracking software, man-in-the-middle attacks, phishing, and packet sniffing are used for password discovery purposes.
Due to the increasingly important information being stored on servers and the cost of insuring against financial losses from identity theft, the hardware authentication devices market is progressing as organizations are looking to protect their information and their clients. Hardware authentication devices can help thwart both of these attack methods by requiring a user to have multiple factors of identification before gaining access to a workstation or network device. This significantly reduces the possibility of theft and prevents the compromise of an entire system due to the loss of a password/PIN.
About RSA
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
