|
Mike - First a vendor comment. If you are looking at the RSA SecurID version of the 2 factor token, Safestone provides a solution whereby you can use that on authenticating to the System i. Feel free to contact me offline if you need any information. Personally, working in the security space I see a real split between how passwords are enforced. Some organizations are so driven by ease of use for the business, that they make the rules simple, and therefore unsafe. Others who have been pushed by impractical auditors enforce very strong rules, and then we see the passwords written down or stored - as people have already commented. One thing I rarely see is password training / advice for the users. Ideally what the users need to be told is some strategies for creating a password which fits the organizations medium strength rules that they will remember. Otherwise abuse will always occur. Regards Martin A Norman Technical Services SafeStone Technologies mnorman@xxxxxxxxxxxxxxxx 1-215-540-8517 ext. 8018 This email and/or attachments are privileged and confidential and intended solely for the addressee. If you are not the intended recipient, please notify us immediately. Disclosure, distribution or copying of this email other than by the addressee is strictly prohibited. The company does not warrant that the information is free of a virus or any other defect that may affect the recipient's computer system and it is your responsibility to scan attachments (if any). message: 6 date: Thu, 8 Mar 2007 09:10:51 -0500 from: "Mike Cunningham" <mcunning@xxxxxxx> subject: RE: password policy and system rules We are looking at the random password generators that people have to carry with them at all times. New password every 60 seconds. I would like to be able to do the fingerprint option but in addition to the 1,200 employees we also have 7,000 students. Any both of these groups work from campus, from home and on the road. I can't provide fingerprint readers at that volume. I think biometrics has reached the point where PC manufactures should start including them on everything they make and motherboard BIOS's setup to use them. In 5 years the majority of the PCs in use would not have passwords to deal with.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.