--On Sunday, March 23, 2008 20:56:54 -0400 Larry Seltzer <[EMAIL PROTECTED]> wrote:
>>> The correct solution, IMO, would be an encrypted password vault, > stored on a USB drive and only available through the use of a password > and some other form of identification (biometric, etc.) > > What about kiosks and other situations where it wouldn't be secure to > allow arbitrary people to insert USB keys? You allow read-only access to USB keys. > This vault requires a support > system of some kind; does there need to be software on the system to > read it? Easily done on thumb drives that now contain gigs of memory. > Do you trust that software? > No, but then I don't trust any software. > This also presents the problem of when the user loses the key or if it > fails. They had better have a backup of it. A service doesn't have any > of these problems. > That's a weak excuse for avoiding responsibility. Technology cannot solve every problem. Nor should it. At some point *people* have to learn how to properly use computers and the internet, just as they had to learn how to properly operate and maintain vehicles. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
