Security Basics mailing list archives
RE: Two Factor authentication and changing passwords
From: "Nick Owen" <nickowen () mindspring com>
Date: Wed, 4 Jan 2006 23:39:14 -0500
If they are using the OTP and PIN, why are they using passwords at all? Or are they using SecurID for remote access and therefore feel they don't need to change their LAN passwords? If the latter, I can see why they are saying that - passwords are a pain. Can they segment critical sections of the LAN or applications off as remote access, requiring 2FA?

If they are using passwords with the PIN and OTP for remote access, I say drop the passwords altogether. They are more likely to get sniffed on a wireless connection, etc.

HTH,
Nick
-----Original Message-----
From: Brian Johnson [mailto:brian.l.johnson () gmail com]
Sent: Wednesday, January 04, 2006 11:57 AM
To: security-basics () securityfocus com
Subject: Two Factor authentication and changing passwords

I was wondering if anyone could point me towards some recommendations for how often passwords should be changed if two-factor authentication is used. I am working with a client who thinks that using SecurID tokens means they should never have to change their passwords but I am not comfortable with this.
--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor.
Now open source: http://sourceforge.net/projects/wikid-twofactor/
Current thread:
- Two Factor authentication and changing passwords Brian Johnson (Jan 04)
- RE: Two Factor authentication and changing passwords Nick Owen (Jan 06)
- Re: Two Factor authentication and changing passwords Leif Ericksen (Jan 06)
- <Possible follow-ups>
- RE: Two Factor authentication and changing passwords Roger A. Grimes (Jan 05)