You Down with PPI?

By Liz Robinson, Principal Product Marketing Manager, RSA Identity and Data Protection

We’ve all heard of Personally Identifiable Information or PII (social security number, drivers license number, birth dates) and Protected Health Information or PHI (medical diagnosis codes, medical history), but have you heard of Personal Password Information or PPI?  No?

How important are your passwords to you?  What would happen if someone got a hold of your password to your bank account?  Chances are, that password is the same as the one for your favorite online shopping site account where your credit card is stored, or your enterprise VPN, or maybe even your online mutual funds site.  One password is all an attacker needs to access so many of your sensitive accounts.  And the potential damage?  Well, I don’t even think I need to go there…

There are several things that can be done to protect your PPI.  First, as a consumer, you can buck the “password reuse” trend and use multiple passwords instead of just one.  This will ensure that an attacker who gets your password to your email account doesn’t have your password to your bank account.  Just ask Wired writer Mat Honan how this feels.

As an organization, you can take several steps to protect your end users.  A wide variety of solutions are available ranging from risk-based and adaptive authentication (to ensure the person trying to log in is the right person) to strong credential protection (to ensure the passwords themselves aren’t stolen in a smash-and-grab server attack).

You down with PPI?  I know I am.

Liz Robinson is on the product marketing team at RSA and is focused on the data protection portfolio, including encryption, tokenization and key management.  You can follow her on twitter @lizrobinson117.

No Comments