Cached Credentials & Data Loss

Guy Bunker

There have been a couple of stories in the news recently about cached credentials. In essence, you enter your username and password and it enables you to, in this case, easily buy things from the online shop. Making it easier to use compromises the security and here meant that someone else could readily buy stuff when they shouldn’t have been able to.

Move to the business environment… what sort of compromises do you make with your security in the name of user convenience? When it comes to enterprise applications, especially those on mobile devices and / or accessed through a web browser, what is your policy on cookies and caching? If someone were to pick up your mobile phone, or iPad how easy would it be to get access to your data?

Now is the time to revise security policies and usage polices, especially where the IT equipment is used by the employee. Ensure passwords are required when the devices are switched on, have auto-lock policies after a short period of time (5-10 minutes should be ample) and review cookie credential caching for enterprise apps.

Guy Bunker

comments

Leave a Reply