Security Basics mailing list archives
Re: Worldwide authentication
From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 24 Oct 2002 18:00:22 -0700
From: "Fred Williams" <A20FBW1 () wpo cso niu edu> This may be overboard but I think there might be an additional problem: >They don't necessarily own portable PCs. So are they using "trusted" pc's? ie, do you know that the computer the trusted user is using is clean (no keylogger etc)? (say that 3 times fast ;-)
Thats the beauty of the code token, unless they can use that information in less than 15 seconds, even a keylogger doesn't help them, and if you're worried about that, you shouldn't be letting them log in from someone else's machine anyways.
Chris Berry compjma () hotmail com Systems Administrator JM Associates"Ok, so the servers are down, the lights are out, and all I have to work with is a roll of duct tape, a ball point pen, a lighter, and a twenty year old copy of emacs. Where's the problem? "
_________________________________________________________________Internet access plans that fit your lifestyle -- join MSN. http://resourcecenter.msn.com/access/plans/default.asp
Current thread:
- Re: Worldwide authentication ONEILL David J (Oct 18)
- <Possible follow-ups>
- Re: Worldwide authentication Chris Berry (Oct 21)
- Re: Worldwide authentication Fred Williams (Oct 24)
- Re: Worldwide authentication Chris Berry (Oct 25)