CSO Magazine Takes Me Back To The Early Days Of Passwords
Posted by Brian Milas - CTO on Tue, Jun 23, 2009

CSO Magazine's June 2009 article, "Undercover: A Case of Help Desk Failure," takes me back to the early days when Courion was working with early adopters of automated password reset solutions.
The article describes how social engineering was used to gain access to another person's password through the helpdesk, highlighting the need for (and the difficulty of) challenging helpdesk callers with a set of questions that correctly authenticate the individual yet are easy for the individual to remember.
In the early days of Courion, we heard similar stories about weak authentication processes at the helpdesk. The most memorable was the helpdesk whose reps recognized the voice of the caller... and this was not an isolated case; several companies used this "authentication mechanism".
The article goes on to emphasize the importance of security, compliance, and controls from the perspective of the business rather than just from the IT frame of reference. Security and compliance should be part of the business, enabling it to move faster: making it easy for a worker to perform their job securely, and difficult to take risky actions.