In this case you would have to have the hardware token in your hand AND know the password. I don't think this can be done unless the accountholder is cooperating.
By the way, I need to quit answering email here while doing other stuff. I need to clarify a couple of points from last night. 1) There is no default password. The user sets the password up and nobody else knows it. So unless the user tells it to you or writes it on a sticky note, one part of the two-factor authentication is unavailable. 2) RSA is an encryption algorith. SecureID is a technology based on that algorithm. As I mentioned last night, afik nobody has cracked the encryption algorithm without knowing the seed. Should this happen however (and this is not script kiddie stuff) there are further safeguards built into the technology, such as account lockout. On Fri, Sep 19, 2008 at 6:32 AM, Bill Wheatley <[EMAIL PROTECTED]> wrote: > Unhackable doesn't exist. You can always hack the user :) But i get the > point you were making. Just being a smart ass. > > On Fri, Sep 19, 2008 at 12:13 AM, Dana <[EMAIL PROTECTED]> wrote: > >> > again with Bush? >> >> ::shrug:: they seem to have the same problem, what can I say? I can't >> help it if they are stupid too. >> >> http://en.wikipedia.org/wiki/Bush_White_House_e-mail_controversy >> >> > I think criminal stupidity is assuming that professional hackers can't >> > get into most things they want to get into. >> >> Well gee then. Let's not bother with any kind of security safeguards. >> >> Seriously, do you know how stupid that statement makes you sound? It's >> pretty well accepted in network security that very high-level data >> integrity and security is possible IF USERS FOLLOW PROCEDURES. Which >> Palin seems to have a problem doing. I am an RSA SecureID certified >> administrator, Robert, and I work in network security. This is >> arguably an expert opinion here. Not an assumption. I dunno if Alaska >> uses RSA but the Pentagon probably does. Or should. It's not hackable >> unless the user writes the password down or tells it to someone, then >> hands over the token as well. >> >> So unhackable does exist, dude. If people have proper respect for security. >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:270203 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
