Richard Pieri wrote:
> In the typical case, a two-factor system uses a security token of
> some sort and a code to unlock that token to make it useful.

It is arguable whether that is typical. The systems I have heard of, which have been deployed for large-scale sites like PayPal, spit out a code when you press a button (such as the Verisign "football" and successors). You don't "unlock" them. Others have you insert a smart card or USB key, or send you a code via SMS to your cell phone. None of these require unlocking the security device.

1. https://idprotect.verisign.com/orderstart.v

Without evidence to the contrary, I'd assume, measured by volume of units deployed, that the non-password-requiring security devices outnumber the ones that do need to be unlocked. But this is beside the point, because...

> Problem: users forget their passwords so they write them down on
> post-it notes. What reason do you have to expect anything different
> for the token unlock codes?

You are arguing a negative for a system that is different from what I proposed. I agree with you that the system you describe has the same problem, but it is irrelevant.

> In the...case where the token's proximity is required in
> addition to the desktop password, we still have users writing their
> passwords on post-it notes and sticking them on their monitors.

As stated in the previous post, two-factor helps somewhat mitigate the use of weak passwords, thus you can relax your password rules and permit users to pick something they find memorable, thus minimizing the use of post-it notes.

> You can layer more and more complexity in order to cover these
> loopholes and improve your warm, fuzzy feeling of security. Or you
> can do something simple: lock the door. Maintain good physical site
> security. Then it won't matter if users write their passwords on
> post-it notes. If attackers can't gain physical access then those
> post-its do them no good. Problem solved.

True, you should do that too, if practical.

But in general, you want to strive for the maximum security benefit for a given level of user cost (inconvenience). If adding Bluetooth proximity increases your security while minimally impacting user inconvenience, then it is a win. If you don't believe that to be the case, then use something else...

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/