Will Tech Industry Ever Fix Passwords?

What LinkedIn and other recent breaches tell us about widespread security risks as we embrace social media and cloud applications in the enterprise.

1 2 Page 2
Page 2 of 2
  1. Realize that it's important to understand the breach in detail. The goal is to figure out exactly why it happened and how to prevent it, not to assign blame.
  2. Interview all stakeholders (network, security, system and business) to understand the root causes better.
  3. Fix the problem, obviously, but move beyond tactical decisions to form a strategic security plan for the future.
  4. Communicate the situation clearly to end users. Then, develop a plan for ongoing training.
  5. Embrace stronger credential storage and encryption practices, including migration to SHA-512 with salting.
  6. Migrate to multi-factor authentication for B2B applications and internal users.
  7. For consumer-facing applications and guests or partners, consider offering enhanced account protections, such as notifying consumers if their account has been accessed from an unusual IP address or an unknown device.
  8. Review and build better network zoning, including upgraded firewalls, IPSs, routers, etc.
  9. Enhance the software development lifecycle. This includes practices like periodic internal and external audits and security reviews, as well as ongoing monitoring and detection of unusual patterns.
  10. Share your experiences and help standards bodies develop standards for authentication, identity enforcement, digital signatures and so on.

Jeff Vance is a Los Angeles-based freelance writer who focuses on next-generation technology trends. Follow him on Twitter @ JWVance.

Follow everything from CIO.com on Twitter @CIOonline, on Facebook, and on Google +.

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Download CIO's Winter 2021 digital issue: Supercharging IT innovation