Re: Password Cracking
From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 01/29/03
- Next message: Curtis Anderson: "Re: Bringing new NT4 installation up to snuff"
- Previous message: Analysis&Solutions: "Re: Bringing new NT4 installation up to snuff"
- In reply to: Lyal Collins: "Re: Password Cracking"
- Next in thread: Lohkee: "Re: Password Cracking"
From: "S. Pidgorny [MVP]" <slavickp@yahoo.com> Date: Wed, 29 Jan 2003 19:10:51 +1100
You are right. I meant that not in all cases access tokens are just a layer
of obscurity on top of passwords - sometimes they are :(
--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-

"Lyal Collins" <lyalc@ozemail.com.au> wrote in message
news:yoIZ9.142$qb2.7231@nnrp1.ozemail.com.au...
> Well consider a token, smartcard or whatever.
> If the device is lost, stolen or 'borrowed' while you make a coffee, then
> the possessor of the device has the ability to assume the owner's identity
> and all associated rights and privileges (at least as far as the token is
> concerned.)
> This is single factor authentication - possession of the token = full
> permitted access
> If one wants to move to a "token + proof user was present" model, then a
> secure 'logon' to the token, or an auxiliary authentication process is
> needed.
> Today, that means a password, PIN, passphrase, personal access code (insert
> term of your choice here) etc etc.
> If all the issues (many of which are non-technical) with biometrics can be
> resolved, then there will be a second option.
> Until then possession of a device is not enough for many logical access
> control requirements. I know the parallel of a door key exists - which is
> why more important stuff is locked behind multiple layers of doors, with
> keys possessed by different people, increasing accountability and reducing
> collusion/extortion and 'rogue' actors.
>
> Whatever we do, password management is here to stay for the next 5-20 years.
> Either as the direct authentication means, or indirect via a smartcard.
> To paraphrase McNealy - Get over it!
> Lyal
>
> "S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
> news:#1lQ$7sxCHA.2184@TK2MSFTNGP09...
> > Lyal,
> >
> > I'm not sure it's entirely true. Can you please give illustration, using say
> > Windows 2000 smart card logon for console session and remote access as an
> > example?
> >
> > --
> > Svyatoslav Pidgorny, MS MVP, MCSE
> > -= F1 is the key =-
> >
> > "Lyal Collins" <lyalc@ozemail.com.au> wrote in message
> > news:1IGY9.113$0K6.5507@nnrp1.ozemail.com.au...
> > > I agree - worse, passwords perform the underlying user authentication in
> > > almost all existing products - smartcards, digital certs etc.