Aug 9, 2009

What's a bigger problem than malware/Viruses? Poor Password Management

Interesting post by Larry Walsh, which nicely frames the issues we saw when we created LastPass:

http://blogs.channelinsider.com/secure_channel/content/authentication_and_access_control/poor_password_management_eclipses_virus_problem.html

Passwords are a huge problem at every organization I've worked with, and are typically the weakest link in the security chain, no matter what the policy has been. The solution is a single password people actually care about making secure and associated multi-factor addons to increase security. The last password you'll have to remember.

LastPass still has a lot of work left in bringing to life our vision of allowing you to use a single password everywhere but we should be able to complete our first stage (web based integrations) and moved into our second phase (desktop applications, flash and Java, etc) in a couple months.

2 comments:

  1. huge fan of lastpass with the yubico token generator! Phenomenal password management tool!

    ReplyDelete
  2. I agree that passwords are indeed a problem in the enterprise.

    However, although LP is making great strides and I really like it, it cannot really be taken seriously in the enterprise space because it has not been independently verified and security tested.

    I realise that this is difficult and costly and especially hard as LP is still chaning rapidly but I do think that this would be an opportunity for you - you could offer an enterprise version (at a cost of course) that would be the focus of security testing. The free versions would eventually benefit from the testing and fixes.

    Regards, Julian Knight
    http://it.knightnet.org.uk

    ReplyDelete