Re: [fw-wiz] Username password VS hardware token plus PIN

From: Frank Knobbe (frank_at_knobbe.us)
Date: 02/22/05

    To: MHawkins@TULLIB.COM
    Date: Tue, 22 Feb 2005 11:39:25 -0600
    
    
    

    On Tue, 2005-02-22 at 10:08 -0500, MHawkins@TULLIB.COM wrote:
    > What solutions are out there that do not use a PIN but use some
    > username/password combination along with the hardware/software token?

    Why would you need that?

    In both cases you need a user name to identify the user.

    In case of password-only, you just use the password, something you know.

    In case of token, you use the token (something you have), and the PIN
    (something you know). The PIN is in a sense acting as the password.

    Why would you need two passwords?

    Another advantage that tokens have (but also other OTP schemes like OTP
    calculators) is that the password/token-response is only valid once. If
    someone intercepts the given token code during authentication, he should
    not be able to use the same information again. Just like a
    one-time-password created by an OTP calculator.

    The valid-only-once advantage is something a static username/password
    cannot provide.

    Regards,
    Frank

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


