Re: Passwords and Secure SSO

[Cal Frye <cjf () CALFRYE COM>]

Sounds machine-specific. So when the user goes out to an Internet cafe somewhere
he suddenly can't login to his Amazon.com account? Or do I misunderstand...

--Cal Frye, Network Administrator, Oberlin College
 www.ouuf.org, www.calfrye.com

  "There is a whole world which I alone rule, but it ends at my fingertips." --
Ashleigh Brilliant (c) 1981.


Kay Sommers wrote:
> Secure passwords continue to a challenge.    Has anybody looked at using
> PasswordScrambler as an approach to secure SSO?
> PasswordScrambler is a bookmarklet or chunk of Java code wired to a
> button on the browser's linkbar.  It is activated when the user is on a
> page that's displaying a password field.   The script prompts for a
> master pass phrase and then combines it with the domain name of the site
> being visited, hashes the combination to produce a scrambled string and
> puts that into the password field.  The user can use the same master
> pass phrase on a different site and it produces a different password.
> It uses nothing but local JavaScript code.   So the user only has to
> remember one secret, derives many storng passwords from it and never
> stores or transmits the secret.
>
> PasswordScrambler is supported in IE and Firefox and is free:
> http://www.onepassword.com/1p/default.aspx
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.