Security Basics mailing list archives

Re: Webmail authentication


From: "Nicole Nicholson" <nanicholson () hotmail com>
Date: Thu, 19 Dec 2002 11:01:06 -0800

David-

I wouldn't recommend password-only authentication to your webmail (or any remote connection to a company's internal resources). Even if there was some trick in HTML or some IE setting to prevent a browser from storing a password (which I think there is), I'm sure someone will come up with a hack that will circumvent it next week (if it doesn't exist already).

My recommendation would be to use a one-time-password type of scheme such as token-based authentication (SecurID) or others such that a saved password is (mostly) useless.

-Nicole


-- SNIP --

My company is working on a webmail implementation, which requires that the user authenticate to an NT domain. Regardless of the authentication method, there is always an option in the login dialog to 'Save this password in your password list', which seems to be browser driven. I don't want my user population saving their passwords to various computers all over the world. Does anyone have a clue how to remove or disable this option?

David M. Brown
Director, IT Services
S Y N E R G E X
<www.synergex.com>
Office: 916 853-0396
Mobile: 916 718-6695
FAX:    916 635-6549


