Firewall Wizards mailing list archives
Re: Token based OTP: SafeWord or SecurID?
From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 11 Dec 2000 08:54:56 -0800 (PST)
On Sun, 10 Dec 2000, Michael H. Warfield wrote:
I used to administer a decent sized userbase of a Safeword tokens. If one of them went nuts (about 1 in 100) we'd give them a new one.
BTW, reading my own words... I meant the token going nuts, not the user (in case that wasn't clear :) )
And in the mean time, while they wait for IS, they are down. Typical IS mentality.
Typical security mentality. If your token breaks, you are down until you get a new one, too bad. You have to be a bit of a BOFH to admin tokens The Right Way. If you go go around giving out keys for use in soft tokens, which users can then give to their buddies, co-workers, etc.. or switch to static passwords "temporarily", or whatever your workaround, then you're just weakening your authentication infrastructure. I would next-day cards to people who needed them, and I had supplies with security admins to whom I'd delegated some authority in various parts of the world, in order to not have problems with customs. If the user couldn't wait, then he or she could drive into the nearest field office, which users were rarely more than an hour or two away from. Ryan _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Dec 08)
- Re: Token based OTP: SafeWord or SecurID? Ryan Russell (Dec 09)
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Dec 10)
- Re: Token based OTP: SafeWord or SecurID? Michael H. Warfield (Dec 12)
- Re: Token based OTP: SafeWord or SecurID? Ryan Russell (Dec 12)
- Re: Token based OTP: SafeWord or SecurID? Michael H. Warfield (Dec 12)
- Re: Token based OTP: SafeWord or SecurID? Ryan Russell (Dec 14)
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Dec 10)
- Re: Token based OTP: SafeWord or SecurID? David Wagner (Dec 14)
- Re: Token based OTP: SafeWord or SecurID? Ryan Russell (Dec 09)