Re: [SAGE] Security tokens



| From: Jim Hickstein <jxh@jxh.com>
| 
| There is far too much laxity here about 
| keeping passwords secret, even if they're strong.
| ...  Forcing them in 
| this case to surrender the one device that gives them their own access, 
| i.e. making it non-duplicable, is the only way I can see to stop this.

Jim's point here is important, and often overlooked.  A token prevents
people from sharing passwords (easily) and helps ensure that all your
"role based" access rules on the network don't get trivially bypassed
by someone "just trying to help".

Remember: sometimes we do things to protect ourselves from other
people, and sometimes we do things to protect ourselves from ourselves.

John