Re: Fingerprint
- From: "Will" <westes-usc@xxxxxxxxxxxxxx>
- Date: Wed, 1 Nov 2006 19:05:59 -0800
"Wim" <Wim@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0CE09A91-170E-46E5-9020-0229F6B36B6B@xxxxxxxxxxxxxxxx
To increase our system security I woul like to increase the complexity oftechnology.
our password settings, but I also want to avoid that users start putting
their password on a little peace of paper under their keyboard or in their
drawer.
To avoid this I started thinking about the usage of fingerprint
I know their are fingerprint systems that can be used for conveniance butsystem?
that are not realy secure. Can you recommend me a secure fingerprint
We tried a few of these, and my general feeling is that they all work 90% of
the time, and none of them is well integrated with Remote Desktop. The
first moment a user needs to remotely access another computer, guess what:
they need their post it notes again. As a simple convenience feature for
the local desktop that does get rid of post it notes with passwords for a
limited number of users, they are okay. For a sophisticated intruder, they
are easy to fake out.
The cat's meow for secure passwords is two factor authentication using
tokens that generate pseudo-random numbers, combined with a simple password
your user remembers. We evaluated these recently and selected Cryptocard,
but we have not implemented it yet so I can't recommend it yet. They seem
to have thought about the integration to Active Directory more deeply than
their competitors, and I really like the fact that they don't change the AD
schema.
All of the two factor systems tend to implement as RADIUS servers, so a nice
side effect is you can use them for firewall VPNs, independent of any AD
authentications.
--
Will
.
- Prev by Date: Firewalls That Report / Filter Just Incoming Connections?
- Next by Date: Security Template vs SCW
- Previous by thread: Firewalls That Report / Filter Just Incoming Connections?
- Next by thread: Re: Fingerprint
- Index(es):
Relevant Pages
|
