Educause Security Discussion mailing list archives
Re: Implementing a Public Key Infrastructure
From: "Cary, Kim" <Kim.Cary () PEPPERDINE EDU>
Date: Mon, 20 Feb 2006 10:01:12 -0800
SiteKey is rather interesting. Basically, you can't put in your password (no blank for it) until you submit your userid. In response to submitting your userid you are shown two tokens on the resulting password input page: 1) A picture you chose from their set of pictures. 2) A phrase you previously input describing the picture. They tell you not to put in your password unless you see the picture and phrase you were expecting. So, if someone is phish-ing, they have to guess my ID, snarf & load my tokens into the phishing site in order to properly impersonate the site. On Feb 16, 2006, at 9:00 PM, SECURITY automatic digest system wrote: Date: Thu, 16 Feb 2006 09:28:57 -0800 From: "Barbara Chung (DURTSCHI)" < bchung () MICROSOFT COM <mailto:bchung () MICROSOFT COM> > Subject: Re: Implementing a Public Key Infrastructure We often think of two-factor as being something-that-you-know and something-that-you-have, assuming that what you have is on a hardware token. I suspect that the banks will be looking at deploying some kind of cryptographic device (they won't tell anyone of course) on the user's machine. Bank of America is using something they call SiteKey: http://www.bankofamerica.com/privacy/sitekey/ <http://www.bankofamerica.com/privacy/sitekey/>
Current thread:
- Re: Implementing a Public Key Infrastructure, (continued)
- Re: Implementing a Public Key Infrastructure Dick Jacobson (Feb 15)
- Re: Implementing a Public Key Infrastructure Waller, Michael A. (HSC) (Feb 15)
- Re: Implementing a Public Key Infrastructure Steve Brukbacher (Feb 16)
- Re: Implementing a Public Key Infrastructure St Clair, Jim (Feb 16)
- Re: Implementing a Public Key Infrastructure Barbara Chung (DURTSCHI) (Feb 16)
- Re: Implementing a Public Key Infrastructure Pullman, Nick (Feb 16)
- Re: Implementing a Public Key Infrastructure Steve Worona (Feb 16)
- Re: Implementing a Public Key Infrastructure Theresa M Rowe (Feb 16)
- Re: Implementing a Public Key Infrastructure Barbara Chung (DURTSCHI) (Feb 16)
- Re: Implementing a Public Key Infrastructure Joe St Sauver (Feb 16)
- Re: Implementing a Public Key Infrastructure Cary, Kim (Feb 20)
- Re: Implementing a Public Key Infrastructure Valdis Kletnieks (Feb 20)
- Re: Implementing a Public Key Infrastructure Eric Brewer (Feb 20)