BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] A Little OT: The Password Post-It

Subject: [Discuss] A Little OT: The Password Post-It
From: tmetro-blu at vl.com (Tom Metro)
Date: Fri, 20 Apr 2012 02:04:10 -0400
In-reply-to: <FD4BA15B-63A6-4954-BC29-7A20A3BEF45A@gmail.com>
References: <CADdmjq8zfcS6rFxS5_G9VKXCx1A7YPEyiNBXbKEM3EZ7cn8ptQ@mail.gmail.com> <1334765551.11810.12187.camel@concord3.proximity.on.ca> <4F8F2710.9090408@vl.com> <1334783377.11810.12526.camel@concord3.proximity.on.ca> <4F8F33E1.2080807@vl.com> <DB54EB5E-9314-43F0-A38D-B3B045CB617D@gmail.com> <4F8FAD19.2060303@vl.com> <4F9037BE.5040005@gmail.com> <4F906667.2040808@vl.com> <FD4BA15B-63A6-4954-BC29-7A20A3BEF45A@gmail.com>

Richard Pieri wrote:
> Tom Metro wrote:
>> could be addressed by having the smartphone app fingerprint the WiFi
>> access points in the vicinity. Maybe even verifying that the phone has
>> an active connection to the corporate WiFi, authenticated through your
>> RADIX server (the laptop/desktop component could also confirm this).
>>
>> You've now raised the bar some more.
> 
> So... instead of having users remember their passwords you expect
> them to keep track of little things that they lose and break all the time
> *and* the passwords needed to make those little things usable. And
> you've spent a lot of money on hardware and software needed to implement
> this system.

Ummm...you lost me here. What are the "little things that they lose and
break all the time?" Their phone?

What are "the passwords needed to make those little things usable?" A
password for the phone? Bluetooth proximity is not dependent on the
phone being password protected.



>> Part of your premise was that this sort of relay attack could be
>> accomplished without the phone holder being aware of it. You could also
>> mitigate that by having the app trigger an audio alert when an
>> authentication handshake occurs.
> 
> No, my premise is that enforcement of password policies is stupid.

OK...but not part of the thread branch that this message belongs to.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

Follow-Ups:
- [Discuss] A Little OT: The Password Post-It
  - From: richard.pieri at gmail.com (Richard Pieri)

References:
- [Discuss] A Little OT: The Password Post-It
  - From: omegahalo at gmail.com (Chris O'Connell)
- [Discuss] A Little OT: The Password Post-It
  - From: chris at tylers.info (Chris Tyler)
- [Discuss] A Little OT: The Password Post-It
  - From: tmetro-blu at vl.com (Tom Metro)
- [Discuss] A Little OT: The Password Post-It
  - From: chris at tylers.info (Chris Tyler)
- [Discuss] A Little OT: The Password Post-It
  - From: tmetro-blu at vl.com (Tom Metro)
- [Discuss] A Little OT: The Password Post-It
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] A Little OT: The Password Post-It
  - From: tmetro-blu at vl.com (Tom Metro)
- [Discuss] A Little OT: The Password Post-It
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] A Little OT: The Password Post-It
  - From: tmetro-blu at vl.com (Tom Metro)
- [Discuss] A Little OT: The Password Post-It
  - From: richard.pieri at gmail.com (Richard Pieri)

Prev by Date: [Discuss] [OT] unions
Next by Date: [Discuss] A Little OT: The Password Post-It
Previous by thread: [Discuss] A Little OT: The Password Post-It
Next by thread: [Discuss] A Little OT: The Password Post-It
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org