"Joel C. Ewing" wrote:
>The RSA device that we used for remote access was user-specific and
>clock-synced. To access the corporate VPN you had to supply your
>network userid, and the user-specific pseudo-random numeric password
>displayed by your RSA card. The pseudo-random password changed every
>minute with an indication of how much time was left before the next
>change. The process may have had a little tolerance to allow for typing
>across the change boundary, but it wasn't much. Ours seemed pretty good
>about staying in sync. After getting into VPN, getting into specific
>servers or mainframe typically required additional userid and user password.

This is RSA SecurID you're talking about. I've used two different tokens in the last 15 years. One was just a display with a number that changed; never had any synch problems with that one. That was connecting to a huge company with well over 100K employees, so I assume they bought the Cadillac model.

The other was for a somewhat smaller company, and had a display AND a button. When you pressed the button, the display would change. My daughter was looking at it and poked the button several times, and then I couldn't get in. I called their helpdesk and got it reset; a friend later explained that the button causes a new value, and the server end knows the *next few* values. So if you only press it once, then it works. Press it a couple of times, and it works, and the server says "OK, we skipped a value or two" and goes on from there. Press it a BUNCH of times, and the server won't look that far ahead. Seemed...cheesy to me (not that it wouldn't keep trying--doing so would be a security risk; cheesy as a way of doing "next value").

I'm sure there are other variations. One thing I thought was interesting was that the tokens were cheap enough that neither company wanted them back after the work was done.

...phsiii

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
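
The look-ahead behaviour described above for the button token, as an added example that is not part of the original post. SecurID's own algorithm is not described here, so this sketch substitutes RFC 4226 HOTP as the counter-based code generator; the `Token` and `Server` classes and the window of 3 are assumptions for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter position (stand-in generator)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """Client side (hypothetical): each button press shows a code and advances."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class Server:
    """Server side (hypothetical): accepts codes up to `window` positions ahead."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.counter = 0  # next counter value the server expects
        self.window = window

    def verify(self, submitted: str) -> bool:
        for step in range(self.window + 1):
            candidate = hotp(self.secret, self.counter + step)
            if hmac.compare_digest(candidate, submitted):
                # Resync just past the matched value so it cannot be replayed.
                self.counter += step + 1
                return True
        # Wrong code, or token is further ahead than the window:
        # the expected counter is left unchanged and a manual resync is needed.
        return False
```

A wider window tolerates more stray button presses but also enlarges the set of codes that would be accepted at any moment, which is why the server stops looking after a few values.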
