Firewall Wizards mailing list archives
Re: Username password VS hardware token plus PIN
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 23 Feb 2005 20:18:50 -0500
Dragos Ruiu wrote:
The problem with the old PDA idea is user reluctance.
Then get SecurIDs or whatever for the few users who insist on 'em. But there are PDAs that are tiny, too - credit card size like the Oregon Scientific PDA293 ($9.95 at officedepot.com) or Xircom's Rex, which needs no cradle because it fits in a PCMCIA slot to sync and recharge... Basically, you're just conveying excuses. And you're making them sound better by implying that they are from some senior manager who can't carry a credit card sized device along with his golf clubs. But the truth is that he's not going to tolerate *anything* that enhances security because he's a moron. You know it, and I know it, so let's not beat around the bush. I've been in this industry long enough that I can pretty readily identify the sound of "it's not gonna happen" without having to wait for the chorus. In fact, like a lot of the Associated Computer Security Gray Beards (ACSGB) I can accurately name that tune in the first couple of notes. Every time I hear some Networking Weenie start talking about "router performance concerns" I know filtering isn't going in place on their networks. Or I hear the tune of "latency" I know the firewall's going down, etc, etc. When I hear the "portability" "power" "ease of use" or "software integration" I know 2 factor authentication is toast for that site. It starts off with the complaining and ends with only the sysadmins (because after all they're the least trustworthy people on the network, right?) using the 2 factor authentication while everyone else uses their dog's names as their passwords and life goes on... ;) Try reverse-manhood-belittling psychology on those executives, "what? your employees are so out of shape they can't lift a measly 5-lb dongle? there are programmers at XYZ.com who carry 15-lb dongles all day long. what do you mean your users are going to complain? can't you command obedience from your employees? are you some kind of girly-exec or what? do you think Larry Ellison's staff would dare complain to him about a dongle? he'd staple it to their lower lip if they did.." etc... ;) mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Username password VS hardware token plus PIN, (continued)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 22)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 22)
- Re: Username password VS hardware token plus PIN Dragos Ruiu (Feb 23)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 24)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 23)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 23)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 22)
- Re: Username password VS hardware token plus PIN Adam Shostack (Feb 22)
- SSL cert expiration hermit921 (Feb 23)
- Re: Username password VS hardware token plus PIN Dragos Ruiu (Feb 23)
- Re: Username password VS hardware token plus PIN Marcus J. Ranum (Feb 23)
- Re: Username password VS hardware token plus PIN Dragos Ruiu (Feb 24)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 24)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 24)
- Re: Username password VS hardware token plus PIN John Hall (Feb 24)
- Re: Username password VS hardware token plus PIN David Lang (Feb 24)
- Re: Username password VS hardware token plus PIN Kevin (Feb 22)
- Re: Username password VS hardware token plus PIN Andras Kis-Szabo (Feb 23)
- Re: Username password VS hardware token plus PIN Kevin Sheldrake (Feb 23)
- Re: Username password VS hardware token plus PIN Paul D. Robertson (Feb 24)