RSA has introduced technology designed to prevent password theft, following months of credential leaks from major tech firms, from LinkedIn to Yahoo, but one of the vendor’s former employees has already given it a dressing down, at the RSA 2012 conference in London.
The service scrambles login information, before splitting it across two different servers, thereby making it particularly tricky for hackers to pilfer passwords.
If a hacker gains entry into one of those servers, they will come up against heavy encryption, but even if they cracked that they could do little with it as the relevant data is split, RSA said. For a successful breach, a hacker would have to break into both servers, almost simultaneously, RSA said.
Businesses can either choose to have both of those servers held in their environment, or one inside their own data centre and another in the cloud.
“RSA Distributed Credential Protection is the result of several years of incredible research and development innovation at RSA Labs,” said Dan Schiappa, senior vice president of identity and data protection, RSA.
“This technology offers a unique way to truly protect bulk data stores of passwords, secrets and other credentials from even highly sophisticated attacks.”
RSA may be pleased with itself for innovating, but in reality it is doing nothing new, according to Brian Spector, CEO of two factor authentication provider CertiVox (pictured).
“It still uses the existing username and password methodology, for example, and credentials are still stored, even if they are now split between different locations. Managing two different credential stores is, in itself, likely to create a significant management overhead and storing anything anywhere naturally increases its vulnerability.
“Nor is splitting credentials a new idea – at CertiVox, splitting the master keys has long been integrated into services like SkyPin and SkyKey. However, we use one secret key on the server, without having to split it across boundaries, thus avoiding the management overhead.
“There is no danger of the rest of the user population being compromised, even if the secret key on the server is compromised itself. The RSA approach fails signally on these key points of differentiation.”
How well do you know Internet security? Try our quiz and find out!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…