Firewall Wizards mailing list archives

Re: Token based OTP: SafeWord or SecurID?


From: Rick Smith <rick_smith () securecomputing com>
Date: Wed, 20 Sep 2000 10:22:46 -0500



--On Monday, September 18, 2000 11:30 AM -0500 kadokev () msg net wrote:

I just recently noticed that unlike SecurID, SafeWord has no provision to
use a PIN in combination with their key fob 'Safeword Silver 2000' token,
so they are out of the running.

I've been told that the SecurID PIN is essentially a reusable password, consisting of digits, that's used in conjunction with the key fob. To log in, you enter both the number on the fob and the reusable password.

The advantage is that attackers must work harder -- they must first intercept a successful login to retrieve the reusable part and then steal the fob to get the one time part. Furthermore, it involves less hardware since the fob doesn't need a keypad.

On the other hand, it makes the PIN weaker since it can be sniffed. Does anyone think this matters?

Disclaimer: I work for Secure Computing, which builds SafeWord. I want to be sure I understand the relevant difference between the two.

Rick.
smith () securecomputing com         roseville, minnesota

