'Splitting' passwords said security help

Oct. 10, 2012 at 8:10 PM

LONDON, Oct. 10 (UPI) -- A product that scrambles and then splits users' passwords in two before storing them on different computer servers has been unveiled by a U.S. security firm.

Network security company RSA said splitting the passwords could thwart hackers, who would gain access to only half a "randomized" password even in the case of a successful attack.

The "distributed credential protection" system was announced at RSA's annual European Conference in London, the BBC reported Wednesday.

"DCP scrambles, randomizes and splits sensitive credentials, passwords and PINs and the answers to life or challenge questions into two locations," RSA marketing manager Liz Robinson said.

"This is especially important in today's landscape as we've seen over 50 million passwords stolen in large data breaches in 2012 alone."

However, one security expert predicted the system, while having some merit, would only prevent a minority of such attacks seen this year.

"The original problem was that businesses were storing passwords in plain text," Alan Woodward, a cybersecurity researcher who advises the British government, said.

"Firms dealt with that by using encryption, but some attacks are getting very sophisticated and have found ways to crack some of the older encryption techniques.

"RSA basically prevents this, but something like 80 percent of successful attacks result from phishing emails. So while RSA will stop smash-and-grab attacks on firms' servers, the most successful kind of attack will likely remain people giving their passwords away," he said.
