Security Basics mailing list archives
Re: Webmail authentication
From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 19 Dec 2002 15:57:21 -0800
From: "David Brown" <David.Brown () synergex com> My company is working on a webmail implementation, which requires that the user authenticate to an NT domain. Regardless of the authentication method, there is always an option in the login dialog to 'Save this password in your password list', which seems to be browser driven. I don't want my user population saving their passwords to various computers all over the world. Does anyone have a clue how to remove or disable this option?
If you mean browsers on your corporate network you can disable it in IE\tools\options or lock it down using local security policy/active directory (this assumes you're using IE, don't think that will work for mozilla, netscape, opera, or lynx) Basically though I would not rely on this method even if you are using IE. I recommed that instead of allowing your users to type in their passwords into a javascript form box, you should use another authentication method. Certificates might be a good idea or you could create a virtual keyboard on the sign in page, and have them click on the buttons to enter their password. Whatever you come up with, I agree that having your passwords saved all over the place is a bad idea, and you might want to consider forcing them to use a different password for email than their logon password.
Chris Berry compjma () hotmail com Systems Administrator JM Associates "Live dangerously, overclock your servers." _________________________________________________________________STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Current thread:
- Re: Webmail authentication, (continued)
- Re: Webmail authentication Michael Boman (Dec 20)
- Re: Webmail authentication M. Zeeshan Mustafa (Dec 20)
- Re: Webmail authentication Peter Howard (Dec 20)
- Re: Webmail authentication mike ryan (Dec 20)
- RE: Webmail authentication Christian Freas (Dec 20)
- Re: Webmail authentication Brian Bruns (Dec 20)
- Re: Webmail authentication Brian Bruns (Dec 20)
- RE: Webmail authentication Anthony, Shayla (Dec 20)
- Re: Webmail authentication Nicole Nicholson (Dec 20)
- Re: Webmail authentication wbjw (Dec 20)
- Re: Webmail authentication Chris Berry (Dec 20)
- RE: Webmail authentication Paul Carroll (Dec 20)
- RE: Webmail authentication Marc Suttle (Dec 20)
- Re: Webmail authentication riscorp (Dec 20)
- Re: Webmail authentication Chris Berry (Dec 20)