We all know the problems inherent in passwords. Make your password requirements too simple, and passwords can be too easily cracked. Make them too difficult, and users will write their passwords down next to their computers. Not to mention users using the same password for everything. PowerCloud, a startup spun-off of Xerox’s noted Palo Alto Research Center, is pushing what it calls “usable security” – an approach to making reality converge with security. Its first project is a partnership with D-Link to improve wireless networking security.
One big problem for small and medium sized enterprises deploying wireless networks is managing encryption keys. Larger enterprises tend to use enterprise encryption methods like PEAP that integrate with Active Directory. Small and medium sized organizations tend to use pre-shared keys. The problem is that pre-sharing keys can result in many people knowing the key to a wireless network. Changing the WiFi key every time an employee leaves the organization would be a huge hassle for everyone involved.
PowerCloud and D-Link are planning to solve the problem with Individual Device Authorization (IDA). Individual devices will get a token to upload via a web browser to the wireless access point. That device would then be authorized to use that wireless network until the token is revoked. Tokens can be revoked in the event that a device is lost or stolen or an employee leaves an organization.
Eventually PowerCloud wants to apply this technology to other types of network resources, including network attached storage, databases and VPN connections, could work the same way. PowerCloud is working on a browser-based access control console that it hopes will make access control easier for IT.
For the time being, passwords will still be required for device or domain authentication. Getting rid of passwords entirely isn’t feasible, but PowerCloud is showing the way towards less dependency on problematic authentication methods. We look forward to seeing more innovation in this area.