RSA has introduced technology designed to prevent password theft, following months of credential leaks from major tech firms, from LinkedIn to Yahoo, but one of the vendor’s former employees has already given it a dressing down, at the RSA 2012 conference in London.
The service scrambles login information, before splitting it across two different servers, thereby making it particularly tricky for hackers to pilfer passwords.
If a hacker gains entry into one of those servers, they will come up against heavy encryption, but even if they cracked that they could do little with it as the relevant data is split, RSA said. For a successful breach, a hacker would have to break into both servers, almost simultaneously, RSA said.
Businesses can either choose to have both of those servers held in their environment, or one inside their own data centre and another in the cloud.
“RSA Distributed Credential Protection is the result of several years of incredible research and development innovation at RSA Labs,” said Dan Schiappa, senior vice president of identity and data protection, RSA.
“This technology offers a unique way to truly protect bulk data stores of passwords, secrets and other credentials from even highly sophisticated attacks.”
RSA may be pleased with itself for innovating, but in reality it is doing nothing new, according to Brian Spector, CEO of two factor authentication provider CertiVox (pictured).
“It still uses the existing username and password methodology, for example, and credentials are still stored, even if they are now split between different locations. Managing two different credential stores is, in itself, likely to create a significant management overhead and storing anything anywhere naturally increases its vulnerability.
“Nor is splitting credentials a new idea – at CertiVox, splitting the master keys has long been integrated into services like SkyPin and SkyKey. However, we use one secret key on the server, without having to split it across boundaries, thus avoiding the management overhead.
“There is no danger of the rest of the user population being compromised, even if the secret key on the server is compromised itself. The RSA approach fails signally on these key points of differentiation.”
How well do you know Internet security? Try our quiz and find out!
Temu and Pinduoduo parent company PDD Holdings misses analysts' estimates as economic slowdown in China…
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…