-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Toseland wrote:
> I don't understand why a password and IP address is easier than a
> one-time reference. I suppose it has the advantage of being able to
> write it down - but for it to be secure it would need to be a one-time
> password; you'd need to generate a new one every time ...
>
> Hmmm. Maybe we should provide both mechanisms?
One thing that might be done is not having an increadibly secure password
protection (just
secure enough), but when somebody adds themselves via password they get added
in the
disabled mode, then the person tells you "It asks me to tell you to enable me"
and you do
so. If somebody intersepts the password in between and uses it, the second
person will get
a request to inform you that password has been used already, so you just go and
delete the
bugger who used it.
In other words: Bring security away from the machine and to the person.
- Volodya
- --
http://freedom.libsyn.com/ Voice of Freedom, Radical Podcast
http://freeselfdefence.info/ Self-defence wiki
http://www.kingstonstudents.org/ Kingston University students' forum
"None of us are free until all of us are free." ~ Mihail Bakunin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFF7P/DuWy2EFICg+0RAtblAJ4vSyPViz4+lbcLO6n3FPA6b5deIwCguCcR
O8vOSZ8JrCwTaq565LAZfP0=
=5jwq
-----END PGP SIGNATURE-----
