What is security's silver bullet?

Posted in By The Way by Eileen Yu on Friday, June 15 2007 12:21 PM

How many different user IDs and passwords do you have to remember in order to access the applications and services that you use regularly? I did a quick count of my own pool of alphanumeric lines that are swimming in my memory bank...

There's one for each of my four Web e-mail accounts, two to access my company's e-mail and content management systems, one each for the two IM accounts I have, at least five others for the various member accounts I maintain at sites like Amazon.com, PayPal, The Sims 2.com and LinkedIn...I stopped counting after 10.

The number got so voluminous that, I confess, I resorted to storing some of them--specifically those I seldom use and have a higher tendency to forget--in my Palm. It's bad security practice, I know, but at least I didn't jot them down on a Post-it note and try to conceal it under my keyboard.

Human error is often cited as the biggest loophole in a company's security strategy, so it comes as hardly a surprise that another security expert this week pointed to computer users as the "least educated" when it comes to adopting proper security practices. He also highlighted fixed passwords as generally a "dangerous" tool because, unlike one-time or token-based passwords, they remain unchanged until users are prompted to renew their password, usually after a 60- or 90-day cycle.

But, as ZDNet Asia reader Wendy Goucher points out, businesses need to do more than simply dismiss the role that employees play in helping to preserve a healthy level of security for their company.


RFID chip implant in a hand (Source: blogger Amal Graafstra)


I'm unsure though if it'll take tools like token-based key generators or the complete abolishment of passwords to put an end to a company's security woes.

Over the past years, devices and technologies like smart cards, Java-based cards, USB-enabled security tokens and biometrics have been touted as the answer.

Years later, most PCs today still don't come equipped with a card reader, biometric technology hasn't been perfected, and those handy security tokens can be easily misplaced--just as passwords can be easily forgotten.

Suffice it to say that the problem with security isn't a simple one to solve and the silver bullet is unlikely to come any time soon.

Perhaps it'll take a human chip implant to eradicate security threats, but until that day comes, the best defense will require a combination of user vigilance, regular administrative checks and further technology advancements.





Disclaimer:
Views and opinions expressed in this blog are the author's, and do not necessarily represent those of ZDNet Asia.


Talkback 1 comments

I know you've gotten dozens of responses on securing passwords but I just thought that I would pass this on.

One of the primary uses of my PDA (Palm) device is to securely carry around my many passwords. There are many products available to secure these passwords on PDAs, some free, some commercial. The one I use is: www.dataviz.com...
It also provides the sticky-note equivalent on my laptop, synchronized with my Palm.

As you said, there are many security solutions but awareness is the most critical. Thanks.
Posted by Michael Hermes on Friday, June 15 2007 11:32 PM

About the blogger

Eileen Yu


Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. These days, she gets stirred up over issues concerning Internet regulation, intellectual property rights and software patents, online privacy and data protection. Eileen is senior editor at ZDNet Asia, where she oversees the business tech news site.
