Network World
A network question

By Dave Kearns , Network World , 07/25/2005

When it comes to access, authentication and logon, are you still using simple passwords? You know the kind: minimum six characters (or even four), case insensitive, no requirement for mixed letters and digits or special characters.

As security expert Bruce Schneier said in this magazine in the spring: "Passwords just don't work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there's an upper limit to how complex a password users can be expected to remember."

I'm bringing this up because Sun recently announced it would be donating its enterprise single sign-on (ESSO) technology to the open source movement.

The OpenSSO project, if it follows the trend of other major open source projects, should lead to very workable, easily implemented and very inexpensive ESSO. That means if you don't already have an ESSO project implemented or in planning, you'll soon be facing enormous pressure to do so.

ESSO is a tempting technology. We want to make passwords stronger by requiring longer strings of mixed-case letters and numerics with a special character or two thrown in.

But users who can't remember multiple simple passwords have no hope of remembering multiple complex passwords. Either they'll write them on notes that they tape to their monitor - or, here's a sneaky trick: on the underside of the desk blotter. (I wonder where their spare front door key is!)

A good ESSO package lets a user authenticate once, with a single credential, and then reach all the resources and services on the network. Of course, if one password now unlocks all of a user's privileges, it is a single point of failure and should be particularly strong. But strings such as Asdf2%Wssd43!!AZgf will not be remembered by users. So it's time to think about strong authentication based on one-time passwords, smart cards/proximity cards or even biometrics.

There have been major advances in these areas over the past few years, so recheck if you dismissed them as either too pricey or unworkable some time ago.

If you're into open source, then check first with the Initiative for Open Authentication (OATH). There are lots of information, pointers, protocols and specifications to get you started on the road to the strong authentication that will be necessary for your ESSO environment.
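The one-time-password route the column points to is what OATH's HOTP algorithm (RFC 4226) specifies: an HMAC-SHA-1 over a counter shared between token and server, truncated to a short numeric code. What follows is an added example written for this page, not code from OATH, Sun or the column's author. It implements HOTP and checks it against the test vectors published in RFC 4226 (the secret below is the RFC's test secret, not something to deploy), and adds a hypothetical server-side verifier (`HotpVerifier` is my name, not an OATH API) that resynchronizes within a bounded look-ahead window and refuses replays, the two details an ESSO back end has to get right.

```python
import hashlib
import hmac
import struct

# Secret from RFC 4226 Appendix D (the ASCII string "12345678901234567890"), used
# here only because its expected outputs are published; a real token secret is random.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, reduced mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    ) % (10 ** digits)
    return str(code).zfill(digits)


class HotpVerifier:
    """Server side of HOTP validation (hypothetical helper, not an OATH reference
    implementation). Keeps the moving counter and resynchronizes within a bounded
    look-ahead window, as RFC 4226 section 7.4 describes."""

    def __init__(self, secret: bytes, counter: int = 0, look_ahead: int = 5, digits: int = 6):
        self.secret = secret
        self.counter = counter        # next counter value the server expects
        self.look_ahead = look_ahead  # how far ahead the token may be (presses without a login)
        self.digits = digits

    def verify(self, candidate: str) -> bool:
        if len(candidate) != self.digits or not candidate.isdigit():
            return False
        # Try counter, counter+1, ..., counter+look_ahead. A match advances the
        # server counter past the used value, so the same code can never be replayed
        # and codes for the skipped counters become invalid as well.
        for step in range(self.look_ahead + 1):
            c = self.counter + step
            if hmac.compare_digest(hotp(self.secret, c, self.digits), candidate):
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    # RFC 4226 test vectors for counters 0, 1, 2: 755224, 287082, 359152
    for c in range(3):
        print(c, hotp(RFC4226_SECRET, c))

    # Resynchronization scenario with a window of three counter values.
    v = HotpVerifier(RFC4226_SECRET, look_ahead=2)
    print(v.verify(hotp(RFC4226_SECRET, 5)))  # False: counter 5 is beyond window 0..2
    print(v.verify(hotp(RFC4226_SECRET, 2)))  # True: counter 2, server counter becomes 3
    print(v.verify(hotp(RFC4226_SECRET, 2)))  # False: replay of a used code
    print(v.verify(hotp(RFC4226_SECRET, 5)))  # True: counter 5 is now inside window 3..5
    print(v.verify(hotp(RFC4226_SECRET, 1)))  # False: counter 1 is behind the server
```

The look-ahead window is a trade-off, not a free parameter: every extra counter the server tries on each attempt gives an online guesser one more chance of matching a six-digit code, which is why RFC 4226 pairs the window with throttling (section 7.3) and why a verifier like this one should sit behind an attempt limiter or lockout.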
