One-time Passwords - Tight Security for Sensitive Data and Responsible Users - OTP and Web Hosting
(Page 3 of 4 )
One of the areas that desperately needs security improvement is the Web. With e-commerce transactions for billions of dollars, such “minor” issues as stealing passwords cannot be underestimated. It is true that there are many e-commerce solutions that implement OTP or similar advanced technologies, but it looks as if this is more an exception than a rule.
Major reasons why OTP solutions are not widely used in Web hosting include their high (hardware token) price, the difficulties associated with keeping a hardware token handy all the time, and probably the underestimating of the security risks posed by unauthorized access. Otherwise, product offerings – both commercial and open source – are not lacking. It seems that vendors are ahead of their time, while users and managers are still not ready to adopt the OTP approach, especially for the Web.
Although high prices can be named as one of the most important obstacles to One-Time Password use on the Web, a drop in price should happen in just a matter of time. When more and more sites start deploying OTP, the price of hardware tokens will inevitably drop. This has already happened to some degree for OTP and Two-factor authentication systems for enterprises. Currently, there are offerings for USB storage devices that can be used as hardware tokens for as low as $10 dollars per user. For any enterprise that cares about its security, this price cannot be an obstacle, even when its users number in the thousands.
Let's hope that Web hosters will follow enterprises in adopting OTP and Two-factor authentication. It is encouraging that enterprises include in their OTP initiatives remote access to their resources, including internal Web servers. Probably when this approach becomes more widespread and users become educated about the benefits it provides, as opposed to its usability difficulties, OTP and Two-factor authentication will make their way to the Web as well.
Next: Where on the Web is OTP? >>
More Web Hosting How-Tos Articles
More By Blue Moon
