The other day Dark Reading reported on a story from Australia: wireless carrier Vodafone’s customer database was compromised, and a journalist was able to log in easily using a shared set of credentials. Good thing that it was a reporter instead of someone nefarious.
While there is plenty of blame to go around, there are a lot of people already passing judgment so I won’t comment further there. However, I do want to weigh in on a different point that seems to be completely overlooked – that this could have been completely prevented.
Keystroke dynamics, by its very nature, eliminates the password sharing issue. For example, AuthenWare uses a series of biometric security algorithms that record and measure a person’s unique typing patterns (and other information). The point is that once a pattern is set for a userid/password combination, the software can disallow any other person from using that set of credentials, even if the userid and password are correct. That alone could have stopped Vodafone’s problem. In fact, one of our customers is using our software for just that purpose – eliminating password sharing.
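To make the idea concrete, here is a small added example, not AuthenWare's algorithm and not code from this post: a generic scaled-distance check over key hold (dwell) and key-to-key (flight) times. The sample timings, the 5 ms spread floor and the 2.0 threshold are assumptions chosen for illustration.

```python
from statistics import mean, stdev

MIN_SPREAD_MS = 5.0   # assumed floor so a very consistent typist is not locked out
THRESHOLD = 2.0       # assumed cut-off: mean deviation in units of enrolled spread

def typed(text, dwells, flights):
    """Build constructed (key, press_ms, release_ms) events for one typing."""
    t, events = 0, []
    for i, ch in enumerate(text):
        events.append((ch, t, t + dwells[i]))
        if i < len(flights):
            t += dwells[i] + flights[i]
    return events

def features(events):
    """Dwell (hold) time per key, then flight time from release to next press."""
    dwell = [rel - prs for _, prs, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Per-feature (mean, spread) template from several typings by the owner."""
    columns = zip(*(features(s) for s in samples))
    return [(mean(c), max(stdev(c), MIN_SPREAD_MS)) for c in columns]

def score(template, events):
    """Mean absolute deviation from the template, scaled by enrolled spread."""
    vec = features(events)
    if len(vec) != len(template):
        return float("inf")
    return mean(abs(x - m) / s for x, (m, s) in zip(vec, template))

def verify(template, events, threshold=THRESHOLD):
    return score(template, events) <= threshold

# Constructed timings (ms) for the same password typed by two people.
PW = "s3cret"
OWNER = [typed(PW, d, f) for d, f in [
    ([95, 110, 88, 102, 97, 120], [140, 60, 180, 75, 130]),
    ([100, 105, 92, 98, 101, 115], [150, 66, 170, 80, 124]),
    ([91, 114, 85, 106, 94, 124], [133, 55, 188, 70, 137]),
    ([97, 108, 90, 100, 99, 118], [144, 62, 176, 78, 128]),
]]
TEMPLATE = enroll(OWNER)
owner_login = typed(PW, [96, 109, 89, 103, 96, 121], [143, 61, 177, 74, 131])
shared_login = typed(PW, [130, 70, 125, 80, 140, 85], [90, 150, 95, 160, 60])

if __name__ == "__main__":
    for name, attempt in [("owner", owner_login), ("colleague", shared_login)]:
        print(name, round(score(TEMPLATE, attempt), 2), verify(TEMPLATE, attempt))
```

Both attempts carry the correct password; only the timing differs, and the threshold sets the trade-off between rejecting the real owner and accepting someone else.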
There are a number of reasons why this is important. Of course, protecting access to your web and internal systems is first and foremost, but there are also other reasons: knowing who is accessing what at all times, stopping invalid users from causing harm, satisfying auditors and complying with regulatory statutes, and protecting revenue (for software vendors). I encourage you to contact us to learn how we can help you reduce or eliminate password sharing in your organization.