Full Disclosure mailing list archives
Re: guidelines for good password policy and maintenance / user centric identity with single passwords (or a small number at most over time)
From: Gareth Davies <gareth.davies () mynetsec com>
Date: Mon, 27 Mar 2006 12:12:07 +0800
Anders B Jansson wrote:
Biometrics fail, as has been shown several times before. Biometrics require that there's no way of obtaining that information from the user, or that there's no way to enter this data without the actual user being present. And even then they fail if the actual user has a gun at his temple. </esoteric rant>
Then we need to return to the old mainframe concept of duress alarms (login with a * at the end or alternate login for situations when you are under duress).
The oldskool ;)

--
Gareth Davies - BS7799 LA, OPST
Manager - Security Practice
Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara, Mont’ Kiara, 50480 Kuala Lumpur, Malaysia
Phone: +603-6203 5303 or +603-6203 5920
www.mynetsec.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
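The duress-login idea from the message above, sketched as an added example that is not part of the original post or of any real product. Only the trailing `*` convention comes from the message; the function names, the PBKDF2 parameters and the alarm callback are assumptions.

```python
import hashlib
import hmac
import os

DURESS_SUFFIX = "*"    # convention mentioned in the post
ITERATIONS = 200_000   # assumed PBKDF2 work factor


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(password: str) -> dict:
    """Store one verifier for the normal password and one for its duress form."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "normal": _derive(password, salt),
        "duress": _derive(password + DURESS_SUFFIX, salt),
    }


def login(user: str, record: dict, attempt: str, raise_alarm) -> bool:
    """Return True for either credential; the duress one also alerts silently.

    Both comparisons always run and the caller sees the same result either
    way, so the login looks identical to anyone watching the user.
    """
    candidate = _derive(attempt, record["salt"])
    is_normal = hmac.compare_digest(candidate, record["normal"])
    is_duress = hmac.compare_digest(candidate, record["duress"])
    if is_duress:
        raise_alarm(user)  # out-of-band channel, e.g. a SOC queue (assumed)
    return is_normal or is_duress


if __name__ == "__main__":
    alarms = []
    rec = enroll("correct horse")  # constructed sample credential
    print(login("alice", rec, "correct horse", alarms.append), alarms)
    print(login("alice", rec, "correct horse*", alarms.append), alarms)
```

The duress login must succeed and behave like a normal session; a scheme that visibly fails or locks the account defeats its purpose.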