Insurance is a fundamental aspect of business risk management used to spread or mitigate financial risk by transferring it to a third party. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow, in size as an industry, and in importance as a service.
But there are issues — not least because there is comparatively little actuarial history on which the industry can base its premiums. While there is a century of auto insurance and many centuries of shipping insurance, there is little more than two decades of cyber insurance history. As a result, both insurers and insureds are still unsure about what it is, what it should or can cover, and how much it should cost.
The investigation into these three standalone password managers has revealed that, through hardware hacking, it is possible to read data directly from the chips on the board, security researcher Phil Eveleigh explains.
Eveleigh tested RecZone Password Safe, passwordsFAST, and Royal Vault Password Keeper devices. A passcode is used to secure these devices, and users are also provided with the ability to add in the URL, username, and password for each site.
“However one thing I did find consistent across all devices is the keyboard is hard to use and doesn’t encourage strong, complicated passwords,” the researcher explains.
The analysis, Eveleigh says, starts with adding data to the device, then removing the device’s case to access the board and inspect it.