Educause Security Discussion mailing list archives
Re: password vs pass-phrase
From: "Flynn, Gerald" <flynngn () JMU EDU>
Date: Fri, 19 Mar 2010 13:25:21 -0400
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric Case Sent: Friday, March 19, 2010 10:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] password vs pass-phrase-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton Sent: Friday, March 19, 2010 12:54 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] password vs pass-phrase On 19/03/2010, at 1:51 PM, Eric Case wrote:Why not some of the smart phone stuff like the VeriSign's VIP forMobile<http://www.verisign.com/authentication/two-factor-authentication/vip-access-for-mobile>? No reader to buy, no card to purchase.Based on SMS?No. It's an app that runs on the phone. Basically the app turns your phone into a key fob.
There are open source options too: http://motp.sourceforge.net/ And open source server side stuff: http://code.google.com/p/mod-authn-otp/ http://code.google.com/p/mod-authn-otp/wiki/Tokens (includes list of OATH hardware and software tokens that will work with it without proprietary vendor server software) I wonder how hard it would be to make the user file an indirect pointer to an LDAP lookup And integration points http://motp.sourceforge.net/#6 including: Radius (VPN OTP auth anyone?) Mobile-OTP PAM OpenID http://www.clavid.com/index.php?option=com_content&task=view&id=124&Itemid=157&lang=en Which brings up interesting integration possibilities: OpenID for Apache http://www.packetizer.com/security/openid/ OpenID for .NET http://www.dotnetopenauth.net/ Certification of Identity Providers http://openidentityexchange.org/certification-process Shibboleth OpenID Identity Provider https://spaces.internet2.edu/display/SHIB2/IdP+OpenID It just keeps getting better and better :)
Current thread:
- Re: password vs pass-phrase Ken Connelly (Mar 18)
- <Possible follow-ups>
- Re: password vs pass-phrase Joel Rosenblatt (Mar 18)
- Re: password vs pass-phrase Eric Case (Mar 18)
- Re: password vs pass-phrase Russell Fulton (Mar 18)
- Re: password vs pass-phrase Eric Case (Mar 18)
- Re: password vs pass-phrase Joel Rosenblatt (Mar 18)
- Re: password vs pass-phrase Russell Fulton (Mar 19)
- Re: password vs pass-phrase Eric Case (Mar 19)
- Re: password vs pass-phrase Flynn, Gerald (Mar 19)
- Re: password vs pass-phrase Allison Dolan (Mar 23)
- Re: password vs pass-phrase Russell Fulton (Mar 27)