Re: Two Factor authentication and changing passwords



If *passwords are /not/ allowed* when using SecureID this would be
accurate.
If ssh keys are not allowed to gain access to the servers protected by
SecureID and *passwords are not* allowed this would be accurate.
If the only access method was SecureID, and the passwords were used as a
second level and they could be 100% sure that the person trying to
access the account of John_Smith was indeed John_Smith and not
Fred_Jones I would say they have a leg to stand on.

In general whenever passwords are used they should expire in a
reasonable period of time even with SecureId.
IMHO
--
Leif Ericksen

On Wed, 2006-01-04 at 10:57 -0600, Brian Johnson wrote:
> I was wondering if anyone could point me towards some recommendations
> for how often passwords should be changed if two-factor authentication
> is used.
>
> I am working with a client who thinks that using SecurID tokens means
> they should never have to change their passwords but I am not
> comfortable with this.
--
Leif Ericksen <leife@xxxxxxx>

