Following a spate of high-profile password leaks over the last few months, including breaches at Sony and LinkedIn, consumers have grown concerned that their passwords alone might not be enough to keep cybercriminals from stealing their personal information.
With these fears in mind, the security firm RSA thinks that it’s hit on a novel way to deter hackers from trying to crack people’s passwords, and hopefully keep our online accounts safely locked up as they should be.
What RSA suggests is that a password should first be scrambled (passed through a one-way transform rather than kept as typed), then split into two random-looking parts that are stored on separate servers. The logic is that neither part on its own is of any use, so an attacker who steals one server's database is no closer to the full password.
Splitting credentials this way would require an attacker to compromise not one but two different servers, and then put the two parts back together, before having anything to crack at all. RSA believes this would act as a major deterrent.
RSA's product for this, Distributed Credential Protection (DCP), stores the two portions of each credential on different servers.
Liz Robinson, RSA’s marketing manager, explained a little about how the split passwords would work:
“DCP scrambles, randomizes and splits sensitive credentials, passwords and PINs and the answers to life or challenge questions into two locations. This is especially important in today’s landscape as we’ve seen over 50 million passwords stolen in large data breaches in 2012 alone.”
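The scheme described above, as an added example written for this page rather than RSA's own DCP code: the two-of-two XOR sharing, the PBKDF2 "scramble" step, the periodic re-randomisation of the shares, the two in-memory "servers" and every name in the block are assumptions about how such a split store could be built, not a description of RSA's implementation. It also plays out the attack the article has in mind: an attacker who steals one server's share gets a uniformly random string, and one who steals the two shares at different times (with a re-randomisation in between) recombines them into noise.

```python
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple

# Added example, not RSA's DCP code. The two-of-two XOR sharing, the PBKDF2
# "scramble" step, the re-randomisation step and every name here are
# assumptions chosen to illustrate the split-credential idea.

KDF_ITERATIONS = 20_000  # deliberately low so the example runs quickly; use far more in production


def scramble(password: str, salt: bytes) -> bytes:
    """One-way, salted, slow transform of the password: what a site would normally store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(secret: bytes) -> Tuple[bytes, bytes]:
    """Two-of-two XOR sharing: share_a is uniformly random and share_b = secret XOR share_a.
    Each share on its own is a uniformly random string carrying no information about secret."""
    share_a = secrets.token_bytes(len(secret))
    return share_a, xor(secret, share_a)


def combine(share_a: bytes, share_b: bytes) -> bytes:
    """Recover the secret; only works with both shares from the same epoch."""
    return xor(share_a, share_b)


class SplitCredentialStore:
    """Models two separately administered servers, each holding one share per user."""

    def __init__(self) -> None:
        self.server_a: Dict[str, bytes] = {}
        self.server_b: Dict[str, bytes] = {}
        self.salts: Dict[str, bytes] = {}  # salts are not secret; kept beside the lookup key

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        share_a, share_b = split(scramble(password, salt))
        self.salts[user] = salt
        self.server_a[user] = share_a
        self.server_b[user] = share_b

    def verify(self, user: str, password: str) -> bool:
        """Login check: both servers contribute their share, then the candidate is compared."""
        if user not in self.salts:
            return False
        stored = combine(self.server_a[user], self.server_b[user])
        return secrets.compare_digest(stored, scramble(password, self.salts[user]))

    def rerandomize(self, user: str) -> None:
        """XOR a fresh mask into both shares. The combined secret is unchanged, but a share
        captured before this step no longer pairs with one captured after it."""
        mask = secrets.token_bytes(len(self.server_a[user]))
        self.server_a[user] = xor(self.server_a[user], mask)
        self.server_b[user] = xor(self.server_b[user], mask)


def dictionary_attack(share_a: bytes, share_b: bytes, salt: bytes, wordlist: List[str]) -> Optional[str]:
    """Offline attack once an attacker holds two shares: recombine, then test each guess.
    Returns the recovered password, or None if the recombined value matches no guess."""
    target = combine(share_a, share_b)
    for guess in wordlist:
        if scramble(guess, salt) == target:
            return guess
    return None


def demo() -> dict:
    store = SplitCredentialStore()
    password = "correct horse battery staple"
    store.enroll("alice", password)
    wordlist = ["password", "letmein", password, "hunter2"]  # constructed sample wordlist

    stolen_a = store.server_a["alice"]  # breach of server A
    store.rerandomize("alice")          # routine re-sharing happens in between
    stolen_b = store.server_b["alice"]  # later breach of server B

    return {
        "login_ok": store.verify("alice", password),
        "login_bad": store.verify("alice", "hunter2"),
        # both shares from the same epoch: the attacker is back to an ordinary hash-cracking job
        "same_epoch": dictionary_attack(store.server_a["alice"], store.server_b["alice"],
                                        store.salts["alice"], wordlist),
        # shares from different epochs: recombination yields noise and every guess fails
        "mixed_epochs": dictionary_attack(stolen_a, stolen_b, store.salts["alice"], wordlist),
    }


if __name__ == "__main__":
    print(demo())
```

Two things worth noticing when running it. First, the protection is only as good as the separation: if both servers share an administrator, a backup job or a database credential, a single compromise still yields both shares, and once an attacker has both from the same epoch the problem reverts to ordinary offline hash cracking, so the scramble step still needs to be slow and salted. Second, the store says yes to any correct password regardless of how it was obtained, which is exactly the limitation raised below: a password handed over to a phishing page is verified just like a genuine login.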
However, not everyone agrees with RSA’s theory. Professor Alan Woodward, a cybersecurity researcher, told the BBC that while splitting passwords would prevent the less common ‘smash and grab’ attacks on stored credentials, it would do little to deter so-called ‘phishing’ scams, which remain the most popular way for thieves to obtain passwords:
“The original problem was that businesses were storing passwords in plain text. Firms dealt with that by using encryption, but some attacks are getting very sophisticated and have found ways to crack some of the other encryption techniques.”
“RSA basically prevents this, but something like 80% of successful attacks result from phishing emails. So while RSA will stop smash and grab attacks on firms’ servers, the most successful kind of attack will likely remain people giving their passwords away.”
RSA’s Distributed Credential Protection security software will not come cheap either, with licenses for the software selling at $150,000.