If it becomes essential to type your user password with such frequency as many fanatics would have it, it also becomes easier to slip a fake log in screens in front of people, as logging in yet again becomes something done with progressively more annoyance and less question or caution.
Wait.. that's already done. Hence why phishing sites have as high a success rate as they do. One user login process enabling everything that user normally does within a given session within the users usual network seems much more secure to me than having to log in for the upteenth time just to connect to the office coffee machine. One assumes logging into the network is a normal part of the days start up procedure? :) On Monday 07 May 2007 09:00, Jonathan Bell wrote: b) if he does it every time _anyway_ then it's a usability issue rather than a security issue I authenticate myself on my workstation when I get to work. If I had to type in my password to connect to the network.... then the network shares... then the coffee machine... I'd get a little annoyed.
