[Discuss] A Little OT: The Password Post-It

Tom Metro tmetro-blu at vl.com
Fri Apr 20 02:04:10 EDT 2012


Richard Pieri wrote:
> Tom Metro wrote:
>> could be addressed by having the smartphone app fingerprint the WiFi
>> access points in the vicinity. Maybe even verifying that the phone has
>> an active connection to the corporate WiFi, authenticated through your
>> RADIUS server (the laptop/desktop component could also confirm this).
>>
>> You've now raised the bar some more.
> 
> So... instead of having users remember their passwords you expect
> them to keep track of little things that they lose and break all the time
> *and* the passwords needed to make those little things usable. And
> you've spent a lot of money on hardware and software needed to implement
> this system.

Ummm...you lost me here. What are the "little things that they lose and
break all the time?" Their phone?

What are "the passwords needed to make those little things usable?" A
password for the phone? Bluetooth proximity is not dependent on the
phone being password protected.



>> Part of your premise was that this sort of relay attack could be
>> accomplished without the phone holder being aware of it. You could also
>> mitigate that by having the app trigger an audio alert when an
>> authentication handshake occurs.
> 
> No, my premise is that enforcement of password policies is stupid.

OK...but not part of the thread branch that this message belongs to.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/


