RSA specs to bolster passwords

One time passwords boost security

To improve protection for applications, RSA Security has announced a series of one-time password technology (OTP) specifications to drive adoption of stronger authentication systems across firms.

At February's RSA Conference 2005 in San Francisco, the security firm revealed plans to submit the specifications for consideration by standards bodies such as the Internet Engineering Task Force and Oasis.

The establishment of OTP standards would encourage more vendors to adopt the technology, leading to simpler, cheaper authentication systems for firms, said RSA.

Password policy has often been a weak link in firms' security, partly because many users favour simple, guessable words or phrases.

RSA's chief executive, Art Coviello, said distrust of the internet means firms must rapidly rethink IT security practices. "In the last year confidence has eroded," he said. "Spyware attacks are having an effect. For the first time services have started to be scaled back."

Also at the event, Cisco's president, John Chambers, gave further details of his firm's strategy for building intelligent, self-defending networks. Cisco will put adaptive defence technology into various products by April, including specialised security modules.

Microsoft said it is developing a more secure version of Internet Explorer. But Symantec chief John Thompson argued that Microsoft is poorly suited to offering "enterprise-level security for large firms".