8 digits here. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Steve Beaver <[email protected]> Sent: Monday, June 23, 2025 2:53 PM To: [email protected] <[email protected]> Subject: Re: MFA and scripting External Message: Use Caution My PIV has a 6 digit pin Sent from my iPhone No one said I could type with one thumb > On Jun 23, 2025, at 13:52, Seymour J Metz <[email protected]> wrote: > > The PIV isn't enough; you also need tp know the PIN. > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > עַם יִשְׂרָאֵל חַי > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר > > > > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf of > Steve Beaver <[email protected]> > Sent: Monday, June 23, 2025 11:03 AM > To: [email protected] <[email protected]> > Subject: Re: MFA and scripting > > > External Message: Use Caution > > > Where the Mainframe is concerned the Federal Government uses a PIV and IBM > MFA that > Creates a one-time password that has a VERY short time to use it > > > > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Seymour J Metz > Sent: Monday, June 23, 2025 8:01 AM > To: [email protected] > Subject: Re: MFA and scripting > > The IRS uses a card and a PIN. Some Applications, e.g., TSO via InfoConnect, > support MFA directly, while others require a one-time passticket (OTT). > > There seems to be an MFA issue for nonstandard screen sizes. > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > עַם יִשְׂרָאֵל חַי > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר > > > > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf of > Colin Paice <[email protected]> > Sent: Monday, June 23, 2025 5:10 AM > To: [email protected] <[email protected]> > Subject: MFA and scripting > > > External Message: Use Caution > > > MFA is getting to be more of a requirement. > > How do people handle MFA when scripting from Windows and Linux? > > The basic rules are something you know, and something you have - which > makes it hard for scripts as there is no person to type things in. > > We can do certificate logon which avoids a password - but what other factor > can we use? If your password is encrypted ( or masked) on your laptop, > then bad guys with access to your machine can steal both your password and > your certificate, so this doesn't count. > > All I can think of is to have a hardware dongle like a Yubicon USB device > plugged into the laptop. > > You could have networking ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
