Security Basics mailing list archives

Re: Security procedure question


From: Nic Stevens <nic.stevens () gmail com>
Date: Tue, 03 Oct 2006 11:40:36 -0700


One of the clinics I deal with has computers in each exam room. These computers have cardkeys (much like the cardkeys used to control access in buildings) that are used to log in to those computers. No key, no login.

I have also seen, in a medical clinic at the University of Washington, where a cardkey and a thumbprint are used to log in to those computers.

Adding physical access control, along with biometrics, to a simpler password scheme provides for a lot more security.

Take these measures and then restrict log ins to specific workstations and it's fairly bullet-proof.

The cardkey readers and biometrics cost more -- but how much does it cost recovering from a security breach?


missy.augustine () gmail com wrote:
I think the main issue with passwords is that many companies require you to have multiple complicated (one number, one special char, at least 8 characters) passwords and then need to be changed every 60-90 days, and can't be too close to older versions of the password. Humans are inherently flawed; we have a much easier time remembering patterns, random letters, numbers and characters do not come easy, and coupled with the fact we need to change them we are overwhelmed. Credit cards are 'relatively' easy to change; in business, trying to get your password reset seems like pulling teeth.
I really don't think there is a simple solution to the password problem. I think companies which utilize sign-in cards (with encryption of course) with a PIN #, then that card + PIN can be used to open up other portals within the intranet, are a step in the right direction.

--
"The men who create power make an indispensable contribution to the Nation’s greatness, but the men who question power make a contribution just as indispensable."
       -John F. Kennedy

"Patriotism is not the blind following of leaders, rather, it is the questioning of those leaders when they act contrary to one's beliefs."
        - Me

"Jesus done left Chicago" - Billy Gibbons

Nic Stevens (nic dot stevens at gee mail daught com) -- http://www.ducksfeet.com/nic

