Security Basics mailing list archives
Re: Security procedure question
From: Nic Stevens <nic.stevens () gmail com>
Date: Tue, 03 Oct 2006 11:40:36 -0700
One of the clinics I deal with has computers in each exam room. These computers have cardkeys (much like the cardkeys used to control access in buildings) that are used to log in to those computers. No key, no login.
I have also seen, in a medical clinic at the University of Washington, where a cardkey and a thumbprint are used to log in to those computers.
Adding physical access control, along with biometrics, to a simpler password scheme provides for a lot more security.
Take these measures and then restrict logins to specific workstations and it's fairly bullet-proof.
The cardkey readers and biometrics cost more -- but how much does it cost recovering from a security breach?
missy.augustine () gmail com wrote:
I think the main issue with passwords is that many companies require you to have multiple complicated (one number, one special char, at least 8 characters) passwords and then need to be changed every 60-90 days, and can't be too close to an older version of the password. Humans are inherently flawed, we have a much easier time remembering patterns, random letters, numbers and characters do not come easy, and coupled with the fact we need to change them we are overwhelmed. Credit cards are 'relatively' easy to change, in business trying to get your password reset seems like pulling teeth. I really don't think there is a simple solution to the password problem, I think companies which utilize sign in cards (with encryption of course) with a pin #, then that card + pin can be used to open up other portals within the intranet are a step in the right direction.
--
"The men who create power make an indispensable contribution to the Nation's greatness, but the men who question power make a contribution just as indispensable." - John F. Kennedy
"Patriotism is not the blind following of leaders, rather, it is the questioning of those leaders when they act contrary to one's beliefs." - Me
"Jesus done left Chicago" - Billy Gibbons
Nic Stevens (nic dot stevens at gee mail daught com) -- http://www.ducksfeet.com/nic