Educause Security Discussion mailing list archives

Re: Two factor Authentication

From: Gary Dobbins <dobbins () ND EDU>
Date: Thu, 24 Sep 2009 16:22:21 -0400

We've used SafeWord, from (formerly) Secure Computing (now from Aladdin) for several years.  It's a lot like the others 
(e.g. RSA) but is different in that its tokens are not time-sync'd (they seem instead to be sequence-sync'd), and so 
each press of the button yields a one-time password that is immediately invalid once used.  Hence, quick-turn reuse 
attacks are unsuccessful.  With time-sync'd tokens, the same password may work for a given interval, such as  a minute. 
 Perhaps my info is dated and this risk has been mitigated in those products.

You may want to look at nuances like that as you make your selection.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James C 
Farr '05
Sent: Thursday, September 24, 2009 3:29 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Two factor Authentication

We are looking at two-factor authentications options for people to use when traveling.

Does anyone have good or bad experiences they can share?
If so what Solution did you choose?
Why did you chose the that solution?

Thank you for your input.

James Farr
Information Security Officer
Instructional Technologist
Utica College
jfarr () utica edu<mailto:jfarr () utica edu>
315-223-2386

Current thread:

Two factor Authentication James C Farr '05 (Sep 24)
- <Possible follow-ups>
- Re: Two factor Authentication Gary Dobbins (Sep 24)
- Re: Two factor Authentication Neil Matatall (Sep 25)
- Re: Two factor Authentication Stanclift, Michael (Sep 25)