On Tue, 12 Sep 2000, Lodin, Steven {IT S~Indianapolis} wrote:
> The ones that have the RSA Security logo on them work much faster than the
> ones that have the Security Dynamics logo on them :-)
Yeah, but you can pay extra for your own logo, those are the real hotrods!
;)
It's worth mentioning that the SecureID tokens have a duress mode built-in
as well, single access then dead token. That could be important for some
people.
> Seriously, RSA delivers tokens in multiple form factors.
>
> 1) Key fob - can attach to key chain or badge holder, not as clunky as they
> used to be
Also pretty hardy. I don't recommend any other form factor in most
circumstances. I've *never* seen a broken key fob- not the old or the new
ones.
> 2) Credit card - steel case that is less likely to be destroyed by portable
> computers
More likely to be sat upon and broken in a wallet (yes, I've seen a *lot*
of that).
> 3) Credit card w/PINpad - no experience with this
Ditto.
> 4) Smartcard - no experience with this
Ditto.
> 5) Software Token for PCs - user enters PIN and with Login Automation, is
> automatically logged in to the remote access system
Refuse to use this.
> 6) Software Token for PalmPilot - user enters PIN and gets Passcode to enter
Refuse to use this too.
> Some questions that come to mind:
>
> a) Has anyone done a risk analysis or comparison of Software Tokens vs.
> Digital Certificates in terms of security, functionality, ease of use,
> etc...?
I've done some informal ones, perhaps I'll write something more
comprehensive soon.
> b) I know that L0pht/@stake were going to look at the security of the Pilot
> software token. Has anyone heard anything about that?
Nope, but with the soft tokens, DMCA notwithstanding, the algorithm is
about to undergo significantly more review :)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
