Firewall Wizards mailing list archives
Re: Username password VS hardware token plus PIN
From: Frank Knobbe <frank () knobbe us>
Date: Tue, 22 Feb 2005 11:39:25 -0600
On Tue, 2005-02-22 at 10:08 -0500, MHawkins () TULLIB COM wrote:
What solutions are out there that do not use a PIN but use some username/password combination along with the hardware/software token?
Why would you need that? In both cases you need a user name to identify the user. In case of password-only, you just the password, something you know. In case of token, you use the token (something you have), and the PIN (something you know). The PIN is in a sense acting as the password. Why would you need two passwords? Another advantage that tokens have (but also other OTP schemes like OTP calculators) is that the password/token-response is only valid once. If someone intercepts the given token code during authentication, he should not be able to use the same information again. Just like a one-time-password created by an OTP calculator. The valid-only-once advantage is something a static username/password can not provide. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Username password VS hardware token plus PIN, (continued)
- Re: Username password VS hardware token plus PIN David Lang (Feb 24)
- Re: Username password VS hardware token plus PIN Kevin (Feb 22)
- Re: Username password VS hardware token plus PIN Andras Kis-Szabo (Feb 23)
- Re: Username password VS hardware token plus PIN Kevin Sheldrake (Feb 23)
- Re: Username password VS hardware token plus PIN Paul D. Robertson (Feb 24)
- RE: Username password VS hardware token plus PIN Ben Nagy (Feb 22)
- RE: Username password VS hardware token plus PIN Mark Gumennik (Feb 22)
- AES SecurID Re: Username password VS hardware token plus PIN ArkanoiD (Feb 22)
- Re: Username password VS hardware token plus PIN Paul D. Robertson (Feb 22)
- Re: Username password VS hardware token plus PIN Patrick M. Hausen (Feb 22)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 22)
- RE: Username password VS hardware token plus PIN MHawkins (Feb 22)
- RE: Username password VS hardware token plus PIN MHawkins (Feb 22)
- Re: Username password VS hardware token plus PIN Kevin (Feb 22)
- Re: Username password VS hardware token plus PIN David Lang (Feb 24)
- Re: Username password VS hardware token plus PIN Kevin (Feb 22)
- RE: Username password VS hardware token plus PIN Crissup, John (MBNP is) (Feb 22)
- FW: Username password VS hardware token plus PIN Paul Melson (Feb 22)
- RE: Username password VS hardware token plus PIN Behm, Jeffrey L. (Feb 22)
- RE: Username password VS hardware token plus PIN MHawkins (Feb 22)
- Re: Username password VS hardware token plus PIN Kevin (Feb 23)
- Message not available
- RE: Username password VS hardware token plus PIN Marcus J. Ranum (Feb 23)