
This Is Why You Need Adaptive Access Control

Yet another article talking about how easily passwords can be cracked.

I'm beginning to tire of these articles. Not that it isn't a good reminder that passwords shouldn't be your only form of security - but they're the technical equivalent of repeated signs on the factory wall saying "breathing paint fumes can harm your health" while working in a paint factory.

Meaning - while technically correct - you can't easily avoid them, so a sign without any other precautions (in the paint factory - things like gas masks) is not very helpful.

In the technical world - while it's nice to think of ways of avoiding passwords using tokens, thumbprint readers or perhaps Vulcan mind-melds - these things don't catch on for various reasons. The reality is they're not going away anytime soon.

Which is why I am pretty excited by one of our newest products (it's still hard to fathom that we're now a rather old acquisition at just over 2 years) - Oracle Adaptive Access Management (OAAM) aka Bharosa.

At the core, what OAAM does is provide adaptive risk analysis. So for example, on sensitive transactions you can build rules that say "normally you only move money from savings to checking between 9am and 4pm from an IP in Dallas" so that when someone tries to move money at 2 am from, say, El Salvador (just picking a random place) - it can prompt you with a security question. Or page someone. Or stop it. Or all of the above.

That way if you're on vacation and needing to get some more money to buy another drink at your resort hotel - you're cool. But if not - it will help protect you.
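To make the rule above concrete, here is an added sketch (not OAAM code or its API, and not from the original post) of a baseline-versus-transaction check that escalates from a security question to blocking and paging. The class names, weights, thresholds and sample transfers are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Baseline:              # per-user norm for one transaction type
    start_hour: int          # inclusive, account-local time
    end_hour: int            # exclusive
    usual_cities: frozenset

@dataclass(frozen=True)
class Transfer:
    when: datetime           # assumed already converted to account-local time
    city: str                # assumed output of an IP geolocation lookup

# Each rule returns (points, reason). Weights and thresholds are illustrative.
def off_hours(tx, base):
    usual = base.start_hour <= tx.when.hour < base.end_hour
    return (0, "") if usual else (40, "outside usual hours")

def unfamiliar_location(tx, base):
    usual = tx.city in base.usual_cities
    return (0, "") if usual else (50, "unfamiliar location")

RULES = (off_hours, unfamiliar_location)
CHALLENGE_AT, BLOCK_AT = 40, 90

def evaluate(tx, base, challenge_passed=False):
    """Return (actions, reasons) for one transfer."""
    hits = [(p, r) for p, r in (rule(tx, base) for rule in RULES) if p]
    score = sum(p for p, _ in hits)
    reasons = [r for _, r in hits]
    if score >= BLOCK_AT:
        return ["block", "page"], reasons      # stop it and alert a human
    if score >= CHALLENGE_AT and not challenge_passed:
        return ["challenge"], reasons          # ask the security question
    return ["allow"], reasons

# Constructed sample data mirroring the scenario in the text.
BASE = Baseline(9, 16, frozenset({"Dallas"}))
ROUTINE = Transfer(datetime(2007, 11, 19, 10, 30), "Dallas")
VACATION = Transfer(datetime(2007, 11, 19, 15, 0), "Cancun")
SUSPECT = Transfer(datetime(2007, 11, 19, 2, 0), "San Salvador")

if __name__ == "__main__":
    for name, tx in (("routine", ROUTINE), ("vacation", VACATION),
                     ("suspect", SUSPECT)):
        print(name, evaluate(tx, BASE))
```

The vacation transfer trips only one rule, so a correct answer to the challenge lets it through, while the 2 am transfer from an unfamiliar location trips both and is blocked regardless of the challenge.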

Another feature (and one that is very cool to see) is the strong authentication feature.

What the strong authentication feature does is use some sophisticated technology to present alternative mechanisms for entering passwords.

For example, instead of entering your password into a text field - it will present you with a virtual keyboard. The keyboard is overlaid on a picture (that you choose during registration). And every time you're presented with the keyboard - the keyboard and image shift alignment a bit. And the image is timestamped.

Plus actual keys are never transmitted - which makes it very hard to phish and keylog.

And while maybe we'll get past passwords in the future - you will probably still need fraud detection.

So if you are doing business online (either consumer or internally focused) you might want to check OAAM out.











About This Entry

This page contains a single entry from the blog posted on November 19, 2007 5:57 PM.
