Categories: SecurityWorkspace

RSA 2012: RSA Launches Protection Against “Smash And Grab” Password Theft

RSA has introduced technology designed to prevent password theft, following months of credential leaks from major tech firms, from LinkedIn to Yahoo, but one of the vendor’s former employees has already given it a dressing down, at the RSA 2012 conference in London.

The service scrambles login information, before splitting it across two different servers, thereby making it particularly tricky for hackers to pilfer passwords.

If a hacker gains entry into one of those servers, they will come up against heavy encryption, but even if they cracked that they could do little with it as the relevant data is split, RSA said. For a successful breach, a hacker would have to break into both servers, almost simultaneously, RSA said.

Password security in the cloud

Businesses can either choose to have both of those servers held in their environment, or one inside their own data centre and another in the cloud.

“RSA Distributed Credential Protection is the result of several years of incredible research and development innovation at RSA Labs,” said Dan Schiappa, senior vice president of identity and data protection, RSA.

“This technology offers a unique way to truly protect bulk data stores of passwords, secrets and other credentials from even highly sophisticated attacks.”

RSA may be pleased with itself for innovating, but in reality it is doing nothing new, according to Brian Spector, CEO of two factor authentication provider CertiVox (pictured).

“RSA seems simply to be doing what all legacy providers do – putting a Band-Aid on username/password bleeding and thus preventing users from making a break to something of much higher utility, like true two-factor authentication,” Spector, a former RSA employee, told TechWeekEurope at the RSA 2012 event.

“It still uses the existing username and password methodology, for example, and credentials are still stored, even if they are now split between different locations. Managing two different credential stores is, in itself, likely to create a significant management overhead and storing anything anywhere naturally increases its vulnerability.

“Nor is splitting credentials a new idea – at CertiVox, splitting the master keys has long been integrated into services like SkyPin and SkyKey. However, we use one secret key on the server, without having to split it across boundaries, thus avoiding the management overhead.

“There is no danger of the rest of the user population being compromised, even if the secret key on the server is compromised itself. The RSA approach fails signally on these key points of differentiation.”

How well do you know Internet security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Investors Shocked As Temu Parent Misses Estimates

Temu and Pinduoduo parent company PDD Holdings misses analysts' estimates as economic slowdown in China…

16 mins ago

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

3 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

3 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

3 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

4 days ago