Right off the bat I have to ask. What kind of authentication is required to download the client and then when you download the client isn't there authentication for that? Just asking. It just seems redundant.
John J. Boris, Sr. "Remember! That light at the end of the tunnel Just might be the headlight of an oncoming train!" >>> Bryan Ramirez <[email protected]> 1/11/2013 11:41 AM >>> at work we're having a discussion about 2 factor authentication. We're comparing the traditional RSA token with Symantec's VIP Access solution. The upside with the RSA token seems to be that it has a token that is completely separate from your environment that displays the one time portion of your password. However, it requires that you manage the logistics of dealing with and tracking the physical tokens. The symantec VIP solution allows you to download a client for your phone, mac, or PC that displays the one-time portion of your password. My hesitation with the Symantec solution is that it's most convenient to download the client onto the computer you'll be using to access your environment. How much of a risk is this? Is this really two factor authentication at this point, realistically speaking.. or is the risk of someone screengrabbing your password too far out there? -Bryan _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
