Re: [fw-wiz] Username password VS hardware token plus PIN

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 02/24/05

  • Next message: Kevin: "Re: [fw-wiz] Username password VS hardware token plus PIN"
    To: Dragos Ruiu <dr@kyx.net>, Frank Knobbe <frank@knobbe.us>
    Date: Wed, 23 Feb 2005 20:18:50 -0500
    
    

    Dragos Ruiu wrote:
    >The problem with the old PDA idea is user reluctance.

    Then get SecurIDs or whatever for the few users who
    insist on 'em. But there are PDAs that are tiny, too -
    credit card size like the Oregon Scientific PDA293
    ($9.95 at officedepot.com) or Xircom's Rex, which needs
    no cradle because it fits in a PCMCIA slot to sync
    and recharge...

    Basically, you're just conveying excuses. And you're
    making them sound better by implying that they are
    from some senior manager who can't carry a credit
    card sized device along with his golf clubs. But the
    truth is that he's not going to tolerate *anything*
    that enhances security because he's a moron. You
    know it, and I know it, so let's not beat around the
    bush.

    I've been in this industry long enough that I can pretty
    readily identify the sound of "it's not gonna happen"
    without having to wait for the chorus. In fact, like a lot
    of the Associated Computer Security Gray Beards (ACSGB)
    I can accurately name that tune in the first couple
    of notes. Every time I hear some Networking Weenie
    start talking about "router performance concerns" I know
    filtering isn't going in place on their networks. Or I hear
    the tune of "latency" I know the firewall's going down, etc,
    etc. When I hear the "portability" "power" "ease of use"
    or "software integration" I know 2 factor authentication
    is toast for that site. It starts off with the complaining and
    ends with only the sysadmins (because after all they're
    the least trustworthy people on the network, right?) using
    the 2 factor authentication while everyone else uses their
    dog's names as their passwords and life goes on... ;)

    Try reverse-manhood-belittling psychology on those
    executives, "what? your employees are so out of
    shape they can't lift a measly 5-lb dongle? there
    are programmers at XYZ.com who carry 15-lb dongles
    all day long. what do you mean your users are
    going to complain? can't you command obedience
    from your employees? are you some kind of
    girly-exec or what? do you think Larry Ellison's staff
    would dare complain to him about a dongle? he'd
    staple it to their lower lip if they did.." etc... ;)

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

