* We may soon be using passwords plus PINs for authentication

Are passwords passé? A couple of weeks ago, the “Seattle Post-Intelligencer” ran an Associated Press story that described various multi-factor authentication schemes, such as password-plus-biometric and smartcard-plus-password.

The gist of the story is that passwords are too “static” for good security. Where 10 years ago we debated how often to require users to change passwords, the feeling now is that for best security a password should be changed each time it’s used. Of course, most users wouldn’t put up with a system that demanded they change their password each time they authenticated, nor would they be able to remember the password they’d chosen, leading to lots of sticky notes hanging off their monitor with the current password written down.

At the end of the last century, many believed that for authentication passwords would be replaced by tokens or smartcards, carried by users and fed into a reader, or via radio frequency identification tags read by a proximity device. It was quickly realized, though, that a lost or stolen token could be a real security threat. Early biometric experiments were even more fraught with problems. While a lost smartcard could be invalidated and replaced, what could you do when your fingerprint data was compromised – get a new finger?

Today’s solution is to combine smartcard/tokens or biometric readings with password protection. The lead paragraph in the AP story describes a system used by a Swedish bank to protect online transactions. From their Web browser, the user enters a unique “username,” which in this case is a national ID number, similar to the U.S. Social Security number, and a 4-digit PIN. There’s more, though.

Each user is given a small card – like a scratch-off lottery ticket – with 50 covered cells (the user is automatically sent a new card when the old one is almost used up). Scratch the covering off a cell and reveal a code.
Once the ID number and PIN have been entered, the user needs to enter the next code from the scratch-off card. The card itself carries no identification of the user, so if it’s lost it can’t be compromised. Still, should the card be stolen, the thief presumably would know who it was stolen from and could discover their national ID number and guess at their PIN (one of 10,000 possible numbers).

Is that secure enough? Possibly, but there’s an important factor that needs to be taken into account, and I’ll get deeper into that consideration in the next issue.
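
The login flow described above, modelled from the server's side as an added example (not code from the article or the bank): the PIN and the next unused card code are checked together, and each code is accepted only once. The 6-digit code format, the reissue threshold, the failure limit and all names are assumptions.

```python
import hashlib
import hmac
import secrets

CELLS = 50         # cells per card, as the article describes
REISSUE_AT = 45    # assumed point at which a card counts as "almost used up"
MAX_FAILURES = 3   # assumed failure limit; the article states none

def issue_card(cells=CELLS):
    """Return the codes printed under each cell (6 digits is an assumption)."""
    return [f"{secrets.randbelow(10**6):06d}" for _ in range(cells)]

class Account:
    """Server-side record keyed by the national ID number (hypothetical layout)."""
    def __init__(self, pin, card):
        self.salt = secrets.token_bytes(16)
        self.pin = self._mac(pin)
        self.codes = [self._mac(c) for c in card]  # keyed digests, not the codes
        self.next_cell = 0   # index of the next unscratched cell
        self.failures = 0

    def _mac(self, value):
        return hmac.new(self.salt, value.encode(), hashlib.sha256).digest()

def login(acct, pin, code):
    """Check PIN plus the next card code; each code is accepted at most once."""
    if acct.failures >= MAX_FAILURES:
        return "locked"
    if acct.next_cell >= len(acct.codes):
        return "card exhausted"
    # Evaluate both factors before deciding, so the reply does not say which failed.
    pin_ok = hmac.compare_digest(acct._mac(pin), acct.pin)
    code_ok = hmac.compare_digest(acct._mac(code), acct.codes[acct.next_cell])
    if not (pin_ok and code_ok):
        acct.failures += 1
        return "denied"
    acct.failures = 0
    acct.next_cell += 1      # the cell is spent; replaying its code now fails
    return "reissue" if acct.next_cell >= REISSUE_AT else "ok"

if __name__ == "__main__":
    card = issue_card()
    acct = Account("4821", card)            # constructed sample PIN
    print(login(acct, "4821", card[0]))     # PIN plus first cell
    print(login(acct, "4821", card[0]))     # same code presented again
    print(login(acct, "0000", card[1]))     # card in hand, PIN guessed
```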