Security Basics mailing list archives
Re: Webmail authentication
From: "Nicole Nicholson" <nanicholson () hotmail com>
Date: Thu, 19 Dec 2002 11:01:06 -0800
David-I wouldn't recommend password-only authentication to your webmail (or any remote connection to a company's internal resources). Even if there was some trick in HTML or some IE setting to prevent a browser from storing a password (which I think there is), I'm sure someone will come up with a hack that will circumvent it next week (if it doesn't exist already).
My recommendation would be to use a one-time-password type of scheme such as token-based authentication (SecurID) or others such that a saved password is (mostly) useless.
-Nicole -- SNIP --My company is working on a webmail implementation, which requires that the user authenticate to an NT domain. Regardless of the authentication method, there is always an option in the login dialog to 'Save this password in your password list', which seems to be browser driven. I don't want my user population saving their passwords to various computers all over the world. Does anyone have a clue how to remove or disable this option?
David M. Brown Director, IT Services S Y N E R G E X <www.synergex.com> Office: 916 853-0396 Mobile: 916 718-6695 FAX: 916 635-6549 _________________________________________________________________The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Current thread:
- Webmail authentication David Brown (Dec 19)
- Re: Webmail authentication C-Foo (Dec 20)
- Re: Webmail authentication Michael Boman (Dec 20)
- Re: Webmail authentication M. Zeeshan Mustafa (Dec 20)
- Re: Webmail authentication Peter Howard (Dec 20)
- Re: Webmail authentication mike ryan (Dec 20)
- <Possible follow-ups>
- RE: Webmail authentication Christian Freas (Dec 20)
- Re: Webmail authentication Brian Bruns (Dec 20)
- Re: Webmail authentication Brian Bruns (Dec 20)
- RE: Webmail authentication Anthony, Shayla (Dec 20)
- Re: Webmail authentication Nicole Nicholson (Dec 20)
- Re: Webmail authentication wbjw (Dec 20)
- Re: Webmail authentication Chris Berry (Dec 20)
- RE: Webmail authentication Paul Carroll (Dec 20)
- RE: Webmail authentication Marc Suttle (Dec 20)
- Re: Webmail authentication riscorp (Dec 20)
- Re: Webmail authentication Chris Berry (Dec 20)